From 4f5561937cbfbdc722caf65b633d2dc57b44d31f Mon Sep 17 00:00:00 2001
From: Abhishek Kumar <abhishek.mrt22@gmail.com>
Date: Tue, 2 Jul 2024 17:52:52 +0530
Subject: [PATCH 01/24] framework/cluster: improve cluster service and
 integration API service

- mTLS implementation for cluster service communication
- Listen only on the specified cluster node IP address instead of all interfaces
- Validate incoming cluster service requests are from peer management servers based on the server's certificate dns name which can be through global config - ca.framework.cert.management.custom.san
- Hardening of KVM command wrapper script execution
- Improve API server integration port check
- cloudstack-management.default: don't have JMX configuration if not needed. JMX is used for instrumentation; users who need to use it should enable it explicitly

Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Wei Zhou <weizhou@apache.org>
Co-authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---
 .../org/apache/cloudstack/ca/CAManager.java   |   8 +
 .../com/cloud/resource/CommandWrapper.java    |  27 ++-
 .../cloudstack/framework/ca/CAProvider.java   |   4 +
 .../cloudstack/framework/ca/CAService.java    |   3 +
 .../com/cloud/cluster/ClusterManager.java     |   4 +-
 .../com/cloud/cluster/ClusterManagerImpl.java |   7 +-
 .../cloud/cluster/ClusterServiceAdapter.java  |   2 -
 .../cluster/ClusterServiceServletAdapter.java |  18 +-
 .../ClusterServiceServletContainer.java       | 111 ++++++++----
 .../cluster/ClusterServiceServletImpl.java    | 162 ++++++++++++------
 .../cloud/cluster/ClusterManagerImplTest.java |  38 ++++
 .../ClusterServiceServletAdapterTest.java     |   2 +-
 .../ClusterServiceServletContainerTest.java   |  87 ++++++++++
 .../ClusterServiceServletImplTest.java        |  64 +++++++
 .../systemd/cloudstack-management.default     |   2 +-
 .../ca/provider/RootCAProvider.java           |  35 +++-
 .../ca/provider/RootCAProviderTest.java       |  62 ++++++-
 ...LibvirtDeleteVMSnapshotCommandWrapper.java |  17 +-
 .../LibvirtGetVmIpAddressCommandWrapper.java  |  50 ++++--
 ...ibvirtOvsFetchInterfaceCommandWrapper.java |  77 +++++++--
 ...virtPrepareForMigrationCommandWrapper.java |   5 +-
 .../wrapper/LibvirtReadyCommandWrapper.java   |  19 +-
 ...evokeDirectDownloadCertificateWrapper.java |  31 ++--
 ...rectDownloadCertificateCommandWrapper.java |  49 ++++--
 .../wrapper/LibvirtStopCommandWrapper.java    |  16 +-
 ...rtOvsFetchInterfaceCommandWrapperTest.java | 105 ++++++++++++
 ...PrepareForMigrationCommandWrapperTest.java |  45 ++++-
 ...DownloadCertificateCommandWrapperTest.java |  93 ++++++++++
 .../LibvirtStopCommandWrapperTest.java        |  63 +++++++
 .../main/java/com/cloud/api/ApiServer.java    |  16 +-
 .../apache/cloudstack/ca/CAManagerImpl.java   |  11 +-
 .../java/com/cloud/api/ApiServerTest.java     |  73 ++++++++
 .../main/java/com/cloud/utils/FileUtil.java   |  21 ++-
 .../java/com/cloud/utils/script/Script.java   | 126 +++++++++++---
 .../com/cloud/utils/script/ScriptTest.java    |  81 +++++++++
 35 files changed, 1303 insertions(+), 231 deletions(-)
 create mode 100644 framework/cluster/src/test/java/com/cloud/cluster/ClusterManagerImplTest.java
 create mode 100644 framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletContainerTest.java
 create mode 100644 framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletImplTest.java
 create mode 100644 plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapperTest.java
 create mode 100644 plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapperTest.java
 create mode 100644 plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapperTest.java
 create mode 100644 server/src/test/java/com/cloud/api/ApiServerTest.java
 create mode 100644 utils/src/test/java/com/cloud/utils/script/ScriptTest.java

diff --git a/api/src/main/java/org/apache/cloudstack/ca/CAManager.java b/api/src/main/java/org/apache/cloudstack/ca/CAManager.java
index 12a9d3d7b41c..b0fb1ac73c21 100644
--- a/api/src/main/java/org/apache/cloudstack/ca/CAManager.java
+++ b/api/src/main/java/org/apache/cloudstack/ca/CAManager.java
@@ -77,6 +77,14 @@ public interface CAManager extends CAService, Configurable, PluggableService {
                                                     "15",
                                                     "The number of days before expiry of a client certificate, the validations are checked. Admins are alerted when auto-renewal is not allowed, otherwise auto-renewal is attempted.", true, ConfigKey.Scope.Cluster);
 
+
+    ConfigKey<String> CertManagementCustomSubjectAlternativeName = new ConfigKey<>("Advanced", String.class,
+            "ca.framework.cert.management.custom.san",
+            "cloudstack.internal",
+            "The custom Subject Alternative Name that will be added to the management server certificate. " +
+                    "The actual implementation will depend on the configured CA provider.",
+            false);
+
     /**
      * Returns a list of available CA provider plugins
      * @return returns list of CAProvider
diff --git a/core/src/main/java/com/cloud/resource/CommandWrapper.java b/core/src/main/java/com/cloud/resource/CommandWrapper.java
index d9c1ea234e82..ee6aa161e33e 100644
--- a/core/src/main/java/com/cloud/resource/CommandWrapper.java
+++ b/core/src/main/java/com/cloud/resource/CommandWrapper.java
@@ -19,9 +19,12 @@
 
 package com.cloud.resource;
 
+import org.apache.log4j.Logger;
+
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.Command;
-import org.apache.log4j.Logger;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.script.Script;
 
 public abstract class CommandWrapper<T extends Command, A extends Answer, R extends ServerResource> {
     protected Logger logger = Logger.getLogger(getClass());
@@ -32,4 +35,26 @@ public abstract class CommandWrapper<T extends Command, A extends Answer, R exte
      * @return A and the Answer from the command.
      */
     public abstract A execute(T command, R serverResource);
+
+    protected String sanitizeBashCommandArgument(String input) {
+        StringBuilder sanitized = new StringBuilder();
+        for (char c : input.toCharArray()) {
+            if ("\\\"'`$|&;()<>*?![]{}~".indexOf(c) != -1) {
+                sanitized.append('\\');
+            }
+            sanitized.append(c);
+        }
+        return sanitized.toString();
+    }
+
+    public void removeDpdkPort(String portToRemove) {
+        logger.debug("Removing DPDK port: " + portToRemove);
+        int port;
+        try {
+            port = Integer.valueOf(portToRemove);
+        } catch (NumberFormatException nfe) {
+            throw new CloudRuntimeException(String.format("Invalid DPDK port specified: '%s'", portToRemove));
+        }
+        Script.executeCommand("ovs-vsctl", "del-port", String.valueOf(port));
+    }
 }
diff --git a/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAProvider.java b/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAProvider.java
index 388cae7e0074..77b3ee27783c 100644
--- a/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAProvider.java
+++ b/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAProvider.java
@@ -22,6 +22,7 @@
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.Map;
@@ -45,6 +46,7 @@ public interface CAProvider {
 
     /**
      * Issues certificate with provided options
+     *
      * @param domainNames
      * @param ipAddresses
      * @param validityDays
@@ -104,4 +106,6 @@ public interface CAProvider {
      * @return returns description
      */
     String getDescription();
+
+    boolean isManagementCertificate(java.security.cert.Certificate certificate) throws CertificateParsingException;
 }
diff --git a/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAService.java b/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAService.java
index facf13a5cb68..721c88bee507 100644
--- a/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAService.java
+++ b/framework/ca/src/main/java/org/apache/cloudstack/framework/ca/CAService.java
@@ -21,6 +21,7 @@
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.cert.CertificateParsingException;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
@@ -47,4 +48,6 @@ public interface CAService {
      * @return returns char[] passphrase
      */
     char[] getKeyStorePassphrase();
+
+    boolean isManagementCertificate(java.security.cert.Certificate certificate) throws CertificateParsingException;
 }
diff --git a/framework/cluster/src/main/java/com/cloud/cluster/ClusterManager.java b/framework/cluster/src/main/java/com/cloud/cluster/ClusterManager.java
index 1b1406c1cecc..54f575830e4a 100644
--- a/framework/cluster/src/main/java/com/cloud/cluster/ClusterManager.java
+++ b/framework/cluster/src/main/java/com/cloud/cluster/ClusterManager.java
@@ -16,8 +16,8 @@
 // under the License.
 package com.cloud.cluster;
 
-import org.apache.cloudstack.management.ManagementServerHost;
 import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.management.ManagementServerHost;
 
 import com.cloud.utils.component.Manager;
 
@@ -77,6 +77,8 @@ public interface ClusterManager extends Manager {
      */
     String getSelfPeerName();
 
+    String getSelfNodeIP();
+
     long getManagementNodeId();
 
     /**
diff --git a/framework/cluster/src/main/java/com/cloud/cluster/ClusterManagerImpl.java b/framework/cluster/src/main/java/com/cloud/cluster/ClusterManagerImpl.java
index 289638fe22d8..d601c094ca76 100644
--- a/framework/cluster/src/main/java/com/cloud/cluster/ClusterManagerImpl.java
+++ b/framework/cluster/src/main/java/com/cloud/cluster/ClusterManagerImpl.java
@@ -40,17 +40,17 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import com.cloud.cluster.dao.ManagementServerStatusDao;
-import org.apache.cloudstack.management.ManagementServerHost;
 import org.apache.cloudstack.framework.config.ConfigDepot;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.framework.config.Configurable;
 import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.cloudstack.management.ManagementServerHost;
 import org.apache.cloudstack.utils.identity.ManagementServerNode;
 import org.apache.log4j.Logger;
 
 import com.cloud.cluster.dao.ManagementServerHostDao;
 import com.cloud.cluster.dao.ManagementServerHostPeerDao;
+import com.cloud.cluster.dao.ManagementServerStatusDao;
 import com.cloud.utils.DateUtil;
 import com.cloud.utils.Profiler;
 import com.cloud.utils.component.ComponentLifecycle;
@@ -130,7 +130,7 @@ public ClusterManagerImpl() {
         // recursive remote calls between nodes
         //
         _executor = Executors.newCachedThreadPool(new NamedThreadFactory("Cluster-Worker"));
-        setRunLevel(ComponentLifecycle.RUN_LEVEL_FRAMEWORK);
+        setRunLevel(ComponentLifecycle.RUN_LEVEL_COMPONENT);
     }
 
     private void registerRequestPdu(final ClusterServiceRequestPdu pdu) {
@@ -475,6 +475,7 @@ public String getSelfPeerName() {
         return Long.toString(_msId);
     }
 
+    @Override
     public String getSelfNodeIP() {
         return _clusterNodeIP;
     }
diff --git a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceAdapter.java b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceAdapter.java
index 735de5bdac9d..e073a28a6221 100644
--- a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceAdapter.java
+++ b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceAdapter.java
@@ -28,7 +28,5 @@ public interface ClusterServiceAdapter extends Adapter {
 
     public ClusterService getPeerService(String strPeer) throws RemoteException;
 
-    public String getServiceEndpointName(String strPeer);
-
     public int getServicePort();
 }
diff --git a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletAdapter.java b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletAdapter.java
index 7451b5f42269..15ee055f9e14 100644
--- a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletAdapter.java
+++ b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletAdapter.java
@@ -23,8 +23,9 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.log4j.Logger;
+import org.apache.cloudstack.ca.CAManager;
 import org.apache.cloudstack.framework.config.ConfigDepot;
+import org.apache.log4j.Logger;
 
 import com.cloud.cluster.dao.ManagementServerHostDao;
 import com.cloud.utils.NumbersUtil;
@@ -44,6 +45,8 @@ public class ClusterServiceServletAdapter extends AdapterBase implements Cluster
     @Inject
     private ManagementServerHostDao _mshostDao;
     @Inject
+    private CAManager caService;
+    @Inject
     protected ConfigDepot _configDepot;
 
     private ClusterServiceServletContainer _servletContainer;
@@ -51,7 +54,7 @@ public class ClusterServiceServletAdapter extends AdapterBase implements Cluster
     private int _clusterServicePort = DEFAULT_SERVICE_PORT;
 
     public ClusterServiceServletAdapter() {
-        setRunLevel(ComponentLifecycle.RUN_LEVEL_FRAMEWORK);
+        setRunLevel(ComponentLifecycle.RUN_LEVEL_COMPONENT);
     }
 
     @Override
@@ -66,12 +69,10 @@ public ClusterService getPeerService(String strPeer) throws RemoteException {
         String serviceUrl = getServiceEndpointName(strPeer);
         if (serviceUrl == null)
             return null;
-
-        return new ClusterServiceServletImpl(serviceUrl);
+        return new ClusterServiceServletImpl(serviceUrl, caService);
     }
 
-    @Override
-    public String getServiceEndpointName(String strPeer) {
+    protected String getServiceEndpointName(String strPeer) {
         try {
             init();
         } catch (ConfigurationException e) {
@@ -95,7 +96,7 @@ public int getServicePort() {
 
     private String composeEndpointName(String nodeIP, int port) {
         StringBuffer sb = new StringBuffer();
-        sb.append("http://").append(nodeIP).append(":").append(port).append("/clusterservice");
+        sb.append("https://").append(nodeIP).append(":").append(port).append("/clusterservice");
         return sb.toString();
     }
 
@@ -108,7 +109,8 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
     @Override
     public boolean start() {
         _servletContainer = new ClusterServiceServletContainer();
-        _servletContainer.start(new ClusterServiceServletHttpHandler(_manager), _clusterServicePort);
+        _servletContainer.start(new ClusterServiceServletHttpHandler(_manager), _manager.getSelfNodeIP(),
+                _clusterServicePort, caService);
         return true;
     }
 
diff --git a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletContainer.java b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletContainer.java
index 69cc871dc642..1aa9caae50a9 100644
--- a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletContainer.java
+++ b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletContainer.java
@@ -17,11 +17,23 @@
 package com.cloud.cluster;
 
 import java.io.IOException;
-import java.net.ServerSocket;
+import java.net.InetAddress;
 import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateParsingException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+
+import org.apache.cloudstack.framework.ca.CAService;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
 import org.apache.http.ConnectionClosedException;
 import org.apache.http.HttpException;
 import org.apache.http.impl.DefaultConnectionReuseStrategy;
@@ -43,9 +55,9 @@
 import org.apache.http.protocol.ResponseServer;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.managed.context.ManagedContextRunnable;
-
+import com.cloud.utils.StringUtils;
 import com.cloud.utils.concurrency.NamedThreadFactory;
+import com.cloud.utils.nio.Link;
 
 public class ClusterServiceServletContainer {
     private static final Logger s_logger = Logger.getLogger(ClusterServiceServletContainer.class);
@@ -55,9 +67,9 @@ public class ClusterServiceServletContainer {
     public ClusterServiceServletContainer() {
     }
 
-    public boolean start(HttpRequestHandler requestHandler, int port) {
+    public boolean start(HttpRequestHandler requestHandler, String ip, int port, CAService caService) {
 
-        listenerThread = new ListenerThread(requestHandler, port);
+        listenerThread = new ListenerThread(requestHandler, ip, port, caService);
         listenerThread.start();
 
         return true;
@@ -69,24 +81,43 @@ public void stop() {
         }
     }
 
+    protected static SSLServerSocket getSecuredServerSocket(SSLContext sslContext, String ip, int port)
+            throws IOException {
+        SSLServerSocketFactory sslFactory = sslContext.getServerSocketFactory();
+        SSLServerSocket serverSocket = null;
+        if (StringUtils.isNotEmpty(ip)) {
+            serverSocket = (SSLServerSocket) sslFactory.createServerSocket(port, 0,
+                    InetAddress.getByName(ip));
+        } else {
+            serverSocket = (SSLServerSocket) sslFactory.createServerSocket(port);
+        }
+        serverSocket.setNeedClientAuth(true);
+        return serverSocket;
+    }
+
     static class ListenerThread extends Thread {
-        private HttpService _httpService = null;
-        private volatile ServerSocket _serverSocket = null;
-        private HttpParams _params = null;
-        private ExecutorService _executor;
+        private HttpService httpService = null;
+        private volatile SSLServerSocket serverSocket = null;
+        private HttpParams params = null;
+        private ExecutorService executor;
+        private CAService caService = null;
 
-        public ListenerThread(HttpRequestHandler requestHandler, int port) {
-            _executor = Executors.newCachedThreadPool(new NamedThreadFactory("Cluster-Listener"));
+        public ListenerThread(HttpRequestHandler requestHandler, String ip, int port,
+                      CAService caService) {
+            this.executor = Executors.newCachedThreadPool(new NamedThreadFactory("Cluster-Listener"));
+            this.caService = caService;
 
             try {
-                _serverSocket = new ServerSocket(port);
-            } catch (IOException ioex) {
-                s_logger.error("error initializing cluster service servlet container", ioex);
+                SSLContext sslContext = Link.initManagementSSLContext(caService);
+                serverSocket = getSecuredServerSocket(sslContext, ip, port);
+            } catch (IOException | GeneralSecurityException e) {
+                s_logger.error("Error initializing cluster service servlet container for secure connection",
+                        e);
                 return;
             }
 
-            _params = new BasicHttpParams();
-            _params.setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 5000)
+            params = new BasicHttpParams();
+            params.setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 5000)
                 .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, 8 * 1024)
                 .setBooleanParameter(CoreConnectionPNames.STALE_CONNECTION_CHECK, false)
                 .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, true)
@@ -104,35 +135,55 @@ public ListenerThread(HttpRequestHandler requestHandler, int port) {
             reqistry.register("/clusterservice", requestHandler);
 
             // Set up the HTTP service
-            _httpService = new HttpService(httpproc, new DefaultConnectionReuseStrategy(), new DefaultHttpResponseFactory());
-            _httpService.setParams(_params);
-            _httpService.setHandlerResolver(reqistry);
+            httpService = new HttpService(httpproc, new DefaultConnectionReuseStrategy(), new DefaultHttpResponseFactory());
+            httpService.setParams(params);
+            httpService.setHandlerResolver(reqistry);
         }
 
         public void stopRunning() {
-            if (_serverSocket != null) {
+            if (serverSocket != null) {
                 try {
-                    _serverSocket.close();
+                    serverSocket.close();
                 } catch (IOException e) {
                     s_logger.info("[ignored] error on closing server socket", e);
                 }
-                _serverSocket = null;
+                serverSocket = null;
             }
         }
 
+        protected boolean isValidPeerConnection(Socket socket) throws SSLPeerUnverifiedException,
+                CertificateParsingException {
+            SSLSocket sslSocket = (SSLSocket) socket;
+            SSLSession session = sslSocket.getSession();
+            if (session == null || !session.isValid()) {
+                return false;
+            }
+            Certificate[] certs = session.getPeerCertificates();
+            if (certs == null || certs.length < 1) {
+                return false;
+            }
+            return caService.isManagementCertificate(certs[0]);
+        }
+
         @Override
         public void run() {
             if (s_logger.isInfoEnabled())
-                s_logger.info("Cluster service servlet container listening on port " + _serverSocket.getLocalPort());
+                s_logger.info(String.format("Cluster service servlet container listening on host: %s and port %d",
+                        serverSocket.getInetAddress().getHostAddress(), serverSocket.getLocalPort()));
 
-            while (_serverSocket != null) {
+            while (serverSocket != null) {
                 try {
                     // Set up HTTP connection
-                    Socket socket = _serverSocket.accept();
+                    Socket socket = serverSocket.accept();
                     final DefaultHttpServerConnection conn = new DefaultHttpServerConnection();
-                    conn.bind(socket, _params);
-
-                    _executor.execute(new ManagedContextRunnable() {
+                    conn.bind(socket, params);
+                    if (!isValidPeerConnection(socket)) {
+                        s_logger.warn(String.format("Failure during validating cluster request from %s",
+                                socket.getInetAddress().getHostAddress()));
+                        conn.shutdown();
+                        continue;
+                    }
+                    executor.execute(new ManagedContextRunnable() {
                         @Override
                         protected void runInContext() {
                             HttpContext context = new BasicHttpContext(null);
@@ -141,7 +192,7 @@ protected void runInContext() {
                                     if (s_logger.isTraceEnabled())
                                         s_logger.trace("dispatching cluster request from " + conn.getRemoteAddress().toString());
 
-                                    _httpService.handleRequest(conn, context);
+                                    httpService.handleRequest(conn, context);
 
                                     if (s_logger.isTraceEnabled())
                                         s_logger.trace("Cluster request from " + conn.getRemoteAddress().toString() + " is processed");
@@ -176,7 +227,7 @@ protected void runInContext() {
                 }
             }
 
-            _executor.shutdown();
+            executor.shutdown();
             if (s_logger.isInfoEnabled())
                 s_logger.info("Cluster service servlet container shutdown");
         }
diff --git a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletImpl.java b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletImpl.java
index ec8b90866d0e..c5b614521698 100644
--- a/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletImpl.java
+++ b/framework/cluster/src/main/java/com/cloud/cluster/ClusterServiceServletImpl.java
@@ -17,98 +17,143 @@
 package com.cloud.cluster;
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.rmi.RemoteException;
+import java.security.GeneralSecurityException;
+import java.util.ArrayList;
+import java.util.List;
 
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpException;
+import javax.net.ssl.SSLContext;
+
+import org.apache.cloudstack.framework.ca.CAService;
 import org.apache.commons.httpclient.HttpStatus;
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 import org.apache.log4j.Logger;
 
+import com.cloud.utils.HttpUtils;
 import com.cloud.utils.Profiler;
+import com.cloud.utils.nio.Link;
+import com.google.gson.Gson;
 
 public class ClusterServiceServletImpl implements ClusterService {
     private static final long serialVersionUID = 4574025200012566153L;
     private static final Logger s_logger = Logger.getLogger(ClusterServiceServletImpl.class);
 
-    private String _serviceUrl;
+    private String serviceUrl;
+
+    private CAService caService;
+
+    private Gson gson = new Gson();
 
-    protected static HttpClient s_client = null;
+    protected static CloseableHttpClient s_client = null;
+
+    private void logPostParametersForFailedEncoding(List<NameValuePair> parameters) {
+        if (s_logger.isTraceEnabled()) {
+            s_logger.trace(String.format("%s encoding failed for POST parameters: %s", HttpUtils.UTF_8,
+                    gson.toJson(parameters)));
+        }
+    }
 
     public ClusterServiceServletImpl() {
     }
 
-    public ClusterServiceServletImpl(final String serviceUrl) {
-        s_logger.info("Setup cluster service servlet. service url: " + serviceUrl + ", request timeout: " + ClusterServiceAdapter.ClusterMessageTimeOut.value() +
-                " seconds");
+    public ClusterServiceServletImpl(final String serviceUrl, final CAService caService) {
+        s_logger.info(String.format("Setup cluster service servlet. service url: %s, request timeout: %d seconds", serviceUrl,
+                ClusterServiceAdapter.ClusterMessageTimeOut.value()));
+        this.serviceUrl = serviceUrl;
+        this.caService = caService;
+    }
 
-        _serviceUrl = serviceUrl;
+    protected List<NameValuePair> getClusterServicePduPostParameters(final ClusterServicePdu pdu) {
+        List<NameValuePair> postParameters = new ArrayList<>();
+        postParameters.add(new BasicNameValuePair("method", Integer.toString(RemoteMethodConstants.METHOD_DELIVER_PDU)));
+        postParameters.add(new BasicNameValuePair("sourcePeer", pdu.getSourcePeer()));
+        postParameters.add(new BasicNameValuePair("destPeer", pdu.getDestPeer()));
+        postParameters.add(new BasicNameValuePair("pduSeq", Long.toString(pdu.getSequenceId())));
+        postParameters.add(new BasicNameValuePair("pduAckSeq", Long.toString(pdu.getAckSequenceId())));
+        postParameters.add(new BasicNameValuePair("agentId", Long.toString(pdu.getAgentId())));
+        postParameters.add(new BasicNameValuePair("gsonPackage", pdu.getJsonPackage()));
+        postParameters.add(new BasicNameValuePair("stopOnError", pdu.isStopOnError() ? "1" : "0"));
+        postParameters.add(new BasicNameValuePair("pduType", Integer.toString(pdu.getPduType())));
+        return postParameters;
     }
 
     @Override
     public String execute(final ClusterServicePdu pdu) throws RemoteException {
-
-        final HttpClient client = getHttpClient();
-        final PostMethod method = new PostMethod(_serviceUrl);
-
-        method.addParameter("method", Integer.toString(RemoteMethodConstants.METHOD_DELIVER_PDU));
-        method.addParameter("sourcePeer", pdu.getSourcePeer());
-        method.addParameter("destPeer", pdu.getDestPeer());
-        method.addParameter("pduSeq", Long.toString(pdu.getSequenceId()));
-        method.addParameter("pduAckSeq", Long.toString(pdu.getAckSequenceId()));
-        method.addParameter("agentId", Long.toString(pdu.getAgentId()));
-        method.addParameter("gsonPackage", pdu.getJsonPackage());
-        method.addParameter("stopOnError", pdu.isStopOnError() ? "1" : "0");
-        method.addParameter("pduType", Integer.toString(pdu.getPduType()));
+        if (s_logger.isDebugEnabled()) {
+            s_logger.debug(String.format("Executing ClusterServicePdu with service URL: %s", serviceUrl));
+        }
+        final CloseableHttpClient client = getHttpClient();
+        final HttpPost method = new HttpPost(serviceUrl);
+        final List<NameValuePair> postParameters = getClusterServicePduPostParameters(pdu);
+        try {
+            method.setEntity(new UrlEncodedFormEntity(postParameters, HttpUtils.UTF_8));
+        } catch (UnsupportedEncodingException e) {
+            s_logger.error("Failed to encode request POST parameters", e);
+            logPostParametersForFailedEncoding(postParameters);
+            throw new RemoteException("Failed to encode request POST parameters", e);
+        }
 
         return executePostMethod(client, method);
     }
 
+    protected List<NameValuePair> getPingPostParameters(final String callingPeer) {
+        List<NameValuePair> postParameters = new ArrayList<>();
+        postParameters.add(new BasicNameValuePair("method", Integer.toString(RemoteMethodConstants.METHOD_PING)));
+        postParameters.add(new BasicNameValuePair("callingPeer", callingPeer));
+        return postParameters;
+    }
+
     @Override
     public boolean ping(final String callingPeer) throws RemoteException {
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("Ping at " + _serviceUrl);
+            s_logger.debug("Ping at " + serviceUrl);
         }
 
-        final HttpClient client = getHttpClient();
-        final PostMethod method = new PostMethod(_serviceUrl);
+        final CloseableHttpClient client = getHttpClient();
+        final HttpPost method = new HttpPost(serviceUrl);
 
-        method.addParameter("method", Integer.toString(RemoteMethodConstants.METHOD_PING));
-        method.addParameter("callingPeer", callingPeer);
+        List<NameValuePair> postParameters = getPingPostParameters(callingPeer);
+        try {
+            method.setEntity(new UrlEncodedFormEntity(postParameters, HttpUtils.UTF_8));
+        } catch (UnsupportedEncodingException e) {
+            s_logger.error("Failed to encode ping request POST parameters", e);
+            logPostParametersForFailedEncoding(postParameters);
+            throw new RemoteException("Failed to encode ping request POST parameters", e);
+        }
 
         final String returnVal = executePostMethod(client, method);
-        if ("true".equalsIgnoreCase(returnVal)) {
-            return true;
-        }
-        return false;
+        return Boolean.TRUE.toString().equalsIgnoreCase(returnVal);
     }
 
-    private String executePostMethod(final HttpClient client, final PostMethod method) {
-        int response = 0;
+    private String executePostMethod(final CloseableHttpClient client, final HttpPost method) {
         String result = null;
         try {
             final Profiler profiler = new Profiler();
             profiler.start();
-            response = client.executeMethod(method);
+            CloseableHttpResponse httpResponse = client.execute(method);
+            int response = httpResponse.getStatusLine().getStatusCode();
             if (response == HttpStatus.SC_OK) {
-                result = method.getResponseBodyAsString();
+                result = EntityUtils.toString(httpResponse.getEntity());
                 profiler.stop();
                 if (s_logger.isDebugEnabled()) {
-                    s_logger.debug("POST " + _serviceUrl + " response :" + result + ", responding time: " + profiler.getDurationInMillis() + " ms");
+                    s_logger.debug("POST " + serviceUrl + " response :" + result + ", responding time: " + profiler.getDurationInMillis() + " ms");
                 }
             } else {
                 profiler.stop();
-                s_logger.error("Invalid response code : " + response + ", from : " + _serviceUrl + ", method : " + method.getParameter("method") + " responding time: " +
+                s_logger.error("Invalid response code : " + response + ", from : " + serviceUrl + ", method : " + method.getParams().getParameter("method") + " responding time: " +
                         profiler.getDurationInMillis());
             }
-        } catch (final HttpException e) {
-            s_logger.error("HttpException from : " + _serviceUrl + ", method : " + method.getParameter("method"));
-        } catch (final IOException e) {
-            s_logger.error("IOException from : " + _serviceUrl + ", method : " + method.getParameter("method"));
-        } catch (final Throwable e) {
-            s_logger.error("Exception from : " + _serviceUrl + ", method : " + method.getParameter("method") + ", exception :", e);
+        } catch (IOException e) {
+            s_logger.error("Exception from : " + serviceUrl + ", method : " + method.getParams().getParameter("method") + ", exception :", e);
         } finally {
             method.releaseConnection();
         }
@@ -116,20 +161,25 @@ private String executePostMethod(final HttpClient client, final PostMethod metho
         return result;
     }
 
-    private HttpClient getHttpClient() {
-
+    private CloseableHttpClient getHttpClient() {
         if (s_client == null) {
-            final MultiThreadedHttpConnectionManager mgr = new MultiThreadedHttpConnectionManager();
-            mgr.getParams().setDefaultMaxConnectionsPerHost(4);
-
-            // TODO make it configurable
-            mgr.getParams().setMaxTotalConnections(1000);
+            SSLContext sslContext = null;
+            try {
+                sslContext = Link.initManagementSSLContext(caService);
+            } catch (GeneralSecurityException | IOException e) {
+                throw new RuntimeException(e);
+            }
 
-            s_client = new HttpClient(mgr);
-            final HttpClientParams clientParams = new HttpClientParams();
-            clientParams.setSoTimeout(ClusterServiceAdapter.ClusterMessageTimeOut.value() * 1000);
+            int timeout = ClusterServiceAdapter.ClusterMessageTimeOut.value() * 1000;
+            RequestConfig config = RequestConfig.custom()
+                    .setConnectTimeout(timeout)
+                    .setConnectionRequestTimeout(timeout)
+                    .setSocketTimeout(timeout).build();
 
-            s_client.setParams(clientParams);
+            s_client = HttpClientBuilder.create()
+                    .setDefaultRequestConfig(config)
+                    .setSSLContext(sslContext)
+                    .build();
         }
         return s_client;
     }
diff --git a/framework/cluster/src/test/java/com/cloud/cluster/ClusterManagerImplTest.java b/framework/cluster/src/test/java/com/cloud/cluster/ClusterManagerImplTest.java
new file mode 100644
index 000000000000..9b1854f73487
--- /dev/null
+++ b/framework/cluster/src/test/java/com/cloud/cluster/ClusterManagerImplTest.java
@@ -0,0 +1,38 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.cluster;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ClusterManagerImplTest {
+    @InjectMocks
+    ClusterManagerImpl clusterManager = new ClusterManagerImpl();
+
+    @Test
+    public void testGetSelfNodeIP() {
+        String ip = "1.2.3.4";
+        ReflectionTestUtils.setField(clusterManager, "_clusterNodeIP", ip);
+        Assert.assertEquals(ip, clusterManager.getSelfNodeIP());
+    }
+}
diff --git a/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletAdapterTest.java b/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletAdapterTest.java
index 91d8b611a0f5..3827236d6159 100644
--- a/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletAdapterTest.java
+++ b/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletAdapterTest.java
@@ -50,7 +50,7 @@ public void setup() throws IllegalArgumentException, IllegalAccessException, NoS
     @Test
     public void testRunLevel() {
         int runLevel = clusterServiceServletAdapter.getRunLevel();
-        assertTrue(runLevel == ComponentLifecycle.RUN_LEVEL_FRAMEWORK);
+        assertTrue(runLevel == ComponentLifecycle.RUN_LEVEL_COMPONENT);
         assertTrue(runLevel == clusterManagerImpl.getRunLevel());
     }
 }
diff --git a/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletContainerTest.java b/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletContainerTest.java
new file mode 100644
index 000000000000..baf4e5841bdb
--- /dev/null
+++ b/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletContainerTest.java
@@ -0,0 +1,87 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.cluster;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.stubbing.Answer;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import com.cloud.utils.StringUtils;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ClusterServiceServletContainerTest {
+
+    private void runGetSecuredServerSocket(String ip) {
+        SSLContext sslContext = Mockito.mock(SSLContext.class);
+        SSLContextSpi sslContextSpi = Mockito.mock(SSLContextSpi.class);
+        ReflectionTestUtils.setField(sslContext, "contextSpi", sslContextSpi);
+        SSLServerSocketFactory factory = Mockito.mock(SSLServerSocketFactory.class);
+        Mockito.when(sslContext.getServerSocketFactory()).thenReturn(factory);
+        int port = 9090;
+        final List<Boolean> socketNeedClientAuth = new ArrayList<>();
+        try {
+            SSLServerSocket socketMock = Mockito.mock(SSLServerSocket.class);
+            if (StringUtils.isBlank(ip)) {
+                Mockito.when(factory.createServerSocket(port)).thenReturn(socketMock);
+            } else {
+                Mockito.when(factory.createServerSocket(Mockito.anyInt(), Mockito.anyInt(),
+                        Mockito.any(InetAddress.class))).thenReturn(socketMock);
+            }
+            Mockito.doAnswer((Answer<Void>) invocationOnMock -> {
+                boolean needClientAuth = (boolean) invocationOnMock.getArguments()[0];
+                socketNeedClientAuth.add(needClientAuth);
+                return null;
+            }).when(socketMock).setNeedClientAuth(Mockito.anyBoolean());
+            SSLServerSocket socket = ClusterServiceServletContainer.getSecuredServerSocket(sslContext, ip, 9090);
+            if (StringUtils.isBlank(ip)) {
+                Mockito.verify(factory, Mockito.times(1)).createServerSocket(port);
+            } else {
+                Mockito.verify(factory, Mockito.times(1)).createServerSocket(port, 0, InetAddress.getByName(ip));
+            }
+            Mockito.verify(socket, Mockito.times(1)).setNeedClientAuth(Mockito.anyBoolean());
+            Assert.assertTrue(CollectionUtils.isNotEmpty(socketNeedClientAuth));
+            Assert.assertTrue(socketNeedClientAuth.get(0));
+        } catch (IOException e) {
+            Assert.fail("Exception occurred: " + e.getMessage());
+        }
+    }
+
+    @Test
+    public void testGetSecuredServerSocketNoIp() {
+        runGetSecuredServerSocket("");
+    }
+
+    @Test
+    public void testGetSecuredServerSocketIp() {
+        runGetSecuredServerSocket("1.2.3.4");
+    }
+}
diff --git a/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletImplTest.java b/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletImplTest.java
new file mode 100644
index 000000000000..361c77dbeff4
--- /dev/null
+++ b/framework/cluster/src/test/java/com/cloud/cluster/ClusterServiceServletImplTest.java
@@ -0,0 +1,64 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.cluster;
+
+import java.util.List;
+import java.util.Optional;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.http.NameValuePair;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ClusterServiceServletImplTest {
+
+    @InjectMocks
+    ClusterServiceServletImpl clusterServiceServlet = new ClusterServiceServletImpl();
+
+    @Test
+    public void testClusterServicePduPostParameters() {
+        List<NameValuePair> parameters =
+                clusterServiceServlet.getClusterServicePduPostParameters(Mockito.mock(ClusterServicePdu.class));
+        Assert.assertTrue(CollectionUtils.isNotEmpty(parameters));
+        Optional<NameValuePair> opt = parameters.stream().filter(x -> x.getName().equals("method")).findFirst();
+        Assert.assertTrue(opt.isPresent());
+        NameValuePair val = opt.get();
+        Assert.assertEquals(Integer.toString(RemoteMethodConstants.METHOD_DELIVER_PDU), val.getValue());
+    }
+
+    @Test
+    public void testPingPostParameters() {
+        String peer = "1.2.3.4";
+        List<NameValuePair> parameters =
+                clusterServiceServlet.getPingPostParameters(peer);
+        Assert.assertTrue(CollectionUtils.isNotEmpty(parameters));
+        Optional<NameValuePair> opt = parameters.stream().filter(x -> x.getName().equals("method")).findFirst();
+        Assert.assertTrue(opt.isPresent());
+        NameValuePair val = opt.get();
+        Assert.assertEquals(Integer.toString(RemoteMethodConstants.METHOD_PING), val.getValue());
+        opt = parameters.stream().filter(x -> x.getName().equals("callingPeer")).findFirst();
+        Assert.assertTrue(opt.isPresent());
+        val = opt.get();
+        Assert.assertEquals(peer, val.getValue());
+    }
+}
diff --git a/packaging/systemd/cloudstack-management.default b/packaging/systemd/cloudstack-management.default
index 252fb4b78f6c..d0b41b4b5641 100644
--- a/packaging/systemd/cloudstack-management.default
+++ b/packaging/systemd/cloudstack-management.default
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-JAVA_OPTS="-Djava.security.properties=/etc/cloudstack/management/java.security.ciphers -Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2G -XX:+UseParallelGC -XX:MaxGCPauseMillis=500 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/ -XX:ErrorFile=/var/log/cloudstack/management/cloudstack-management.err "
+JAVA_OPTS="-Djava.security.properties=/etc/cloudstack/management/java.security.ciphers -Djava.awt.headless=true -Xmx2G -XX:+UseParallelGC -XX:MaxGCPauseMillis=500 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/cloudstack/management/ -XX:ErrorFile=/var/log/cloudstack/management/cloudstack-management.err "
 
 CLASSPATH="/usr/share/cloudstack-management/lib/*:/etc/cloudstack/management:/usr/share/cloudstack-common:/usr/share/cloudstack-management/setup:/usr/share/cloudstack-management:/usr/share/java/mysql-connector-java.jar:/usr/share/cloudstack-mysql-ha/lib/*"
 
diff --git a/plugins/ca/root-ca/src/main/java/org/apache/cloudstack/ca/provider/RootCAProvider.java b/plugins/ca/root-ca/src/main/java/org/apache/cloudstack/ca/provider/RootCAProvider.java
index f71274bbc884..821704179fc4 100644
--- a/plugins/ca/root-ca/src/main/java/org/apache/cloudstack/ca/provider/RootCAProvider.java
+++ b/plugins/ca/root-ca/src/main/java/org/apache/cloudstack/ca/provider/RootCAProvider.java
@@ -33,9 +33,11 @@
 import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -57,6 +59,7 @@
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.utils.security.CertUtils;
 import org.apache.cloudstack.utils.security.KeyStoreUtils;
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.log4j.Logger;
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -127,6 +130,8 @@ public final class RootCAProvider extends AdapterBase implements CAProvider, Con
             "true",
             "When set to true, it will allow expired client certificate during SSL handshake.", true);
 
+    private static String managementCertificateCustomSAN;
+
 
     ///////////////////////////////////////////////////////////
     /////////////// Root CA Private Methods ///////////////////
@@ -365,8 +370,11 @@ private boolean loadManagementKeyStore() {
         if (managementKeyStore != null) {
             return true;
         }
-        final Certificate serverCertificate = issueCertificate(Collections.singletonList(NetUtils.getHostName()),
-                NetUtils.getAllDefaultNicIps(), getCaValidityDays());
+        List<String> domainNames = new ArrayList<>();
+        domainNames.add(NetUtils.getHostName());
+        domainNames.add(CAManager.CertManagementCustomSubjectAlternativeName.value());
+        final Certificate serverCertificate = issueCertificate(
+                domainNames, NetUtils.getAllDefaultNicIps(), getCaValidityDays());
         if (serverCertificate == null || serverCertificate.getPrivateKey() == null) {
             throw new CloudRuntimeException("Failed to generate management server certificate and load management server keystore");
         }
@@ -402,6 +410,7 @@ private boolean setupCA() {
 
     @Override
     public boolean start() {
+        managementCertificateCustomSAN = CAManager.CertManagementCustomSubjectAlternativeName.value();
         return loadRootCAKeyPair() && loadRootCAKeyPair() && loadManagementKeyStore();
     }
 
@@ -456,4 +465,26 @@ public String getProviderName() {
     public String getDescription() {
         return "CloudStack's Root CA provider plugin";
     }
+
+    @Override
+    public boolean isManagementCertificate(java.security.cert.Certificate certificate) throws CertificateParsingException {
+        if (!(certificate instanceof X509Certificate)) {
+            return false;
+        }
+        X509Certificate x509Certificate = (X509Certificate) certificate;
+
+        // Check for alternative names
+        Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
+        if (CollectionUtils.isEmpty(altNames)) {
+            return false;
+        }
+        for (List<?> altName : altNames) {
+            int type = (Integer) altName.get(0);
+            String name = (String) altName.get(1);
+            if (type == GeneralName.dNSName && managementCertificateCustomSAN.equals(name)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
diff --git a/plugins/ca/root-ca/src/test/java/org/apache/cloudstack/ca/provider/RootCAProviderTest.java b/plugins/ca/root-ca/src/test/java/org/apache/cloudstack/ca/provider/RootCAProviderTest.java
index 15514b91c785..8311f4d45abc 100644
--- a/plugins/ca/root-ca/src/test/java/org/apache/cloudstack/ca/provider/RootCAProviderTest.java
+++ b/plugins/ca/root-ca/src/test/java/org/apache/cloudstack/ca/provider/RootCAProviderTest.java
@@ -26,8 +26,13 @@
 import java.security.NoSuchProviderException;
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.UUID;
 
 import javax.net.ssl.SSLEngine;
 
@@ -35,15 +40,16 @@
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.utils.security.CertUtils;
 import org.apache.cloudstack.utils.security.SSLUtils;
+import org.bouncycastle.asn1.x509.GeneralName;
 import org.joda.time.DateTime;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-
-import org.mockito.junit.MockitoJUnitRunner;
 import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
 
 
 @RunWith(MockitoJUnitRunner.class)
@@ -150,4 +156,56 @@ public void testGetProviderName() throws Exception {
         Assert.assertEquals(provider.getProviderName(), "root");
     }
 
+    @Test
+    public void testIsManagementCertificateNotX509() {
+        try {
+            Assert.assertFalse(provider.isManagementCertificate(Mockito.mock(java.security.cert.Certificate.class)));
+        } catch (CertificateParsingException e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
+
+    @Test
+    public void testIsManagementCertificateNoAltNames() {
+        try {
+            X509Certificate certificate = Mockito.mock(X509Certificate.class);
+            Mockito.when(certificate.getSubjectAlternativeNames()).thenReturn(new ArrayList<>());
+            Assert.assertFalse(provider.isManagementCertificate(certificate));
+        } catch (CertificateParsingException e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
+
+    @Test
+    public void testIsManagementCertificateNoMatch() {
+        ReflectionTestUtils.setField(provider, "managementCertificateCustomSAN", "cloudstack");
+        try {
+            X509Certificate certificate = Mockito.mock(X509Certificate.class);
+            List<List<?>> altNames = new ArrayList<>();
+            altNames.add(List.of(GeneralName.dNSName, UUID.randomUUID().toString()));
+            altNames.add(List.of(GeneralName.dNSName, UUID.randomUUID().toString()));
+            Collection<List<?>> collection = new ArrayList<>(altNames);
+            Mockito.when(certificate.getSubjectAlternativeNames()).thenReturn(collection);
+            Assert.assertFalse(provider.isManagementCertificate(certificate));
+        } catch (CertificateParsingException e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
+
+    @Test
+    public void testIsManagementCertificateMatch() {
+        String customSAN = "cloudstack";
+        ReflectionTestUtils.setField(provider, "managementCertificateCustomSAN", customSAN);
+        try {
+            X509Certificate certificate = Mockito.mock(X509Certificate.class);
+            List<List<?>> altNames = new ArrayList<>();
+            altNames.add(List.of(GeneralName.dNSName, customSAN));
+            altNames.add(List.of(GeneralName.dNSName, UUID.randomUUID().toString()));
+            Collection<List<?>> collection = new ArrayList<>(altNames);
+            Mockito.when(certificate.getSubjectAlternativeNames()).thenReturn(collection);
+            Assert.assertTrue(provider.isManagementCertificate(certificate));
+        } catch (CertificateParsingException e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
 }
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java
index 5b55db24f4de..f95948d73dd2 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtDeleteVMSnapshotCommandWrapper.java
@@ -19,6 +19,9 @@
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.apache.cloudstack.storage.to.PrimaryDataStoreTO;
 import org.apache.cloudstack.storage.to.VolumeObjectTO;
 import org.apache.log4j.Logger;
@@ -36,8 +39,8 @@
 import com.cloud.hypervisor.kvm.storage.KVMStoragePoolManager;
 import com.cloud.resource.CommandWrapper;
 import com.cloud.resource.ResourceWrapper;
-import com.cloud.storage.Volume;
 import com.cloud.storage.Storage.ImageFormat;
+import com.cloud.storage.Volume;
 import com.cloud.utils.script.Script;
 
 @ResourceWrapper(handles =  DeleteVMSnapshotCommand.class)
@@ -96,12 +99,20 @@ public Answer execute(final DeleteVMSnapshotCommand cmd, final LibvirtComputingR
                     PrimaryDataStoreTO primaryStore = (PrimaryDataStoreTO) rootVolume.getDataStore();
                     KVMPhysicalDisk rootDisk = storagePoolMgr.getPhysicalDisk(primaryStore.getPoolType(),
                             primaryStore.getUuid(), rootVolume.getPath());
-                    String qemu_img_snapshot = Script.runSimpleBashScript("qemu-img snapshot -l " + rootDisk.getPath() + " | tail -n +3 | awk -F ' ' '{print $2}' | grep ^" + cmd.getTarget().getSnapshotName() + "$");
+                    String qemuImgPath = Script.getExecutableAbsolutePath("qemu-img");
+                    List<String[]> commands = new ArrayList<>();
+                    commands.add(new String[]{qemuImgPath, "snapshot", "-l", sanitizeBashCommandArgument(rootDisk.getPath())});
+                    commands.add(new String[]{Script.getExecutableAbsolutePath("tail"), "-n", "+3"});
+                    commands.add(new String[]{Script.getExecutableAbsolutePath("awk"), "-F", " ", "{print $2}"});
+                    commands.add(new String[]{Script.getExecutableAbsolutePath("grep"), "^" + sanitizeBashCommandArgument(cmd.getTarget().getSnapshotName()) + "$"});
+                    String qemu_img_snapshot = Script.executePipedCommands(commands, 0).second();
                     if (qemu_img_snapshot == null) {
                         s_logger.info("Cannot find snapshot " + cmd.getTarget().getSnapshotName() + " in file " + rootDisk.getPath() + ", return true");
                         return new DeleteVMSnapshotAnswer(cmd, cmd.getVolumeTOs());
                     }
-                    int result = Script.runSimpleBashScriptForExitValue("qemu-img snapshot -d " + cmd.getTarget().getSnapshotName() + " " + rootDisk.getPath());
+                    int result = Script.executeCommandForExitValue(qemuImgPath, "snapshot", "-d",
+                            sanitizeBashCommandArgument(cmd.getTarget().getSnapshotName()),
+                            sanitizeBashCommandArgument(rootDisk.getPath()));
                     if (result != 0) {
                         return new DeleteVMSnapshotAnswer(cmd, false,
                                 "Delete VM Snapshot Failed due to can not remove snapshot from image file " + rootDisk.getPath()  + " : " + result);
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtGetVmIpAddressCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtGetVmIpAddressCommandWrapper.java
index 1c27bdd958fd..da2839d9cee9 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtGetVmIpAddressCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtGetVmIpAddressCommandWrapper.java
@@ -19,6 +19,11 @@
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.GetVmIpAddressCommand;
 import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
@@ -26,7 +31,6 @@
 import com.cloud.resource.ResourceWrapper;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.utils.script.Script;
-import org.apache.log4j.Logger;
 
 @ResourceWrapper(handles =  GetVmIpAddressCommand.class)
 public final class LibvirtGetVmIpAddressCommandWrapper extends CommandWrapper<GetVmIpAddressCommand, Answer, LibvirtComputingResource> {
@@ -37,31 +41,51 @@ public final class LibvirtGetVmIpAddressCommandWrapper extends CommandWrapper<Ge
     public Answer execute(final GetVmIpAddressCommand command, final LibvirtComputingResource libvirtComputingResource) {
         String ip = null;
         boolean result = false;
+        String vmName = command.getVmName();
+        String sanitizedVmName = sanitizeBashCommandArgument(vmName);
         String networkCidr = command.getVmNetworkCidr();
+        List<String[]> commands = new ArrayList<>();
+        final String virt_ls_path = Script.getExecutableAbsolutePath("virt-ls");
+        final String virt_cat_path = Script.getExecutableAbsolutePath("virt-cat");
+        final String virt_win_reg_path = Script.getExecutableAbsolutePath("virt-win-reg");
+        final String tail_path = Script.getExecutableAbsolutePath("tail");
+        final String grep_path = Script.getExecutableAbsolutePath("grep");
+        final String awk_path = Script.getExecutableAbsolutePath("awk");
+        final String sed_path = Script.getExecutableAbsolutePath("sed");
         if(!command.isWindows()) {
             //List all dhcp lease files inside guestVm
-            String leasesList = Script.runSimpleBashScript(new StringBuilder().append("virt-ls ").append(command.getVmName())
-                    .append(" /var/lib/dhclient/ | grep .*\\*.leases").toString());
+            commands.add(new String[]{virt_ls_path, sanitizedVmName, "/var/lib/dhclient/"});
+            commands.add(new String[]{grep_path, ".*\\*.leases"});
+            String leasesList = Script.executePipedCommands(commands, 0).second();
             if(leasesList != null) {
                 String[] leasesFiles = leasesList.split("\n");
                 for(String leaseFile : leasesFiles){
-                    //Read from each dhclient lease file inside guest Vm using virt-cat libguestfs ulitiy
-                    String ipAddr = Script.runSimpleBashScript(new StringBuilder().append("virt-cat ").append(command.getVmName())
-                            .append(" /var/lib/dhclient/" + leaseFile + " | tail -16 | grep 'fixed-address' | awk '{print $2}' | sed -e 's/;//'").toString());
+                    //Read from each dhclient lease file inside guest Vm using virt-cat libguestfs utility
+                    commands = new ArrayList<>();
+                    commands.add(new String[]{virt_cat_path, sanitizedVmName, "/var/lib/dhclient/" + leaseFile});
+                    commands.add(new String[]{tail_path, "-16"});
+                    commands.add(new String[]{grep_path, "fixed-address"});
+                    commands.add(new String[]{awk_path, "{print $2}"});
+                    commands.add(new String[]{sed_path, "-e", "s/;//"});
+                    String ipAddr = Script.executePipedCommands(commands, 0).second();
                     // Check if the IP belongs to the network
-                    if((ipAddr != null) && NetUtils.isIpWithInCidrRange(ipAddr, networkCidr)){
+                    if((ipAddr != null) && NetUtils.isIpWithInCidrRange(ipAddr, networkCidr)) {
                         ip = ipAddr;
                         break;
                     }
-                    s_logger.debug("GetVmIp: "+command.getVmName()+ " Ip: "+ipAddr+" does not belong to network "+networkCidr);
+                    s_logger.debug("GetVmIp: "+ vmName + " Ip: "+ipAddr+" does not belong to network "+networkCidr);
                 }
             }
         } else {
             // For windows, read from guest Vm registry using virt-win-reg libguestfs ulitiy. Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\<service>\DhcpIPAddress
-            String ipList = Script.runSimpleBashScript(new StringBuilder().append("virt-win-reg --unsafe-printable-strings ").append(command.getVmName())
-                    .append(" 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces' | grep DhcpIPAddress | awk -F : '{print $2}' | sed -e 's/^\"//' -e 's/\"$//'").toString());
+            commands = new ArrayList<>();
+            commands.add(new String[]{virt_win_reg_path, "--unsafe-printable-strings", sanitizedVmName, "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces"});
+            commands.add(new String[]{grep_path, "DhcpIPAddress"});
+            commands.add(new String[]{awk_path, "-F", ":", "{print $2}"});
+            commands.add(new String[]{sed_path, "-e", "s/^\"//", "-e", "s/\"$//"});
+            String ipList = Script.executePipedCommands(commands, 0).second();
             if(ipList != null) {
-                s_logger.debug("GetVmIp: "+command.getVmName()+ "Ips: "+ipList);
+                s_logger.debug("GetVmIp: "+ vmName + "Ips: "+ipList);
                 String[] ips = ipList.split("\n");
                 for (String ipAddr : ips){
                     // Check if the IP belongs to the network
@@ -69,13 +93,13 @@ public Answer execute(final GetVmIpAddressCommand command, final LibvirtComputin
                         ip = ipAddr;
                         break;
                     }
-                    s_logger.debug("GetVmIp: "+command.getVmName()+ " Ip: "+ipAddr+" does not belong to network "+networkCidr);
+                    s_logger.debug("GetVmIp: "+ vmName + " Ip: "+ipAddr+" does not belong to network "+networkCidr);
                 }
             }
         }
         if(ip != null){
             result = true;
-            s_logger.debug("GetVmIp: "+command.getVmName()+ " Found Ip: "+ip);
+            s_logger.debug("GetVmIp: "+ vmName + " Found Ip: "+ip);
         }
         return new Answer(command, result, ip);
     }
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapper.java
index 5c79de5f4bf9..117a832a68b9 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapper.java
@@ -19,7 +19,12 @@
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
-import org.apache.commons.lang3.StringUtils;
+import java.net.InetAddress;
+import java.net.InterfaceAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
+import java.util.Enumeration;
+
 import org.apache.log4j.Logger;
 
 import com.cloud.agent.api.Answer;
@@ -28,33 +33,73 @@
 import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
 import com.cloud.resource.CommandWrapper;
 import com.cloud.resource.ResourceWrapper;
-import com.cloud.utils.script.Script;
+import com.cloud.utils.Ternary;
 
 @ResourceWrapper(handles =  OvsFetchInterfaceCommand.class)
 public final class LibvirtOvsFetchInterfaceCommandWrapper extends CommandWrapper<OvsFetchInterfaceCommand, Answer, LibvirtComputingResource> {
 
     private static final Logger s_logger = Logger.getLogger(LibvirtOvsFetchInterfaceCommandWrapper.class);
 
+    private String getSubnetMaskForAddress(NetworkInterface networkInterface, InetAddress inetAddress) {
+        for (InterfaceAddress address : networkInterface.getInterfaceAddresses()) {
+            if (!inetAddress.equals(address.getAddress())) {
+                continue;
+            }
+            int prefixLength = address.getNetworkPrefixLength();
+            int mask = 0xffffffff << (32 - prefixLength);
+            return String.format("%d.%d.%d.%d",
+                    (mask >>> 24) & 0xff,
+                    (mask >>> 16) & 0xff,
+                    (mask >>> 8) & 0xff,
+                    mask & 0xff);
+        }
+        return "";
+    }
+
+    private String getMacAddress(NetworkInterface networkInterface) throws SocketException {
+        byte[] macBytes = networkInterface.getHardwareAddress();
+        if (macBytes == null) {
+            return "";
+        }
+        StringBuilder macAddress = new StringBuilder();
+        for (byte b : macBytes) {
+            macAddress.append(String.format("%02X:", b));
+        }
+        if (macAddress.length() > 0) {
+            macAddress.deleteCharAt(macAddress.length() - 1);  // Remove trailing colon
+        }
+        return macAddress.toString();
+    }
+
+    public Ternary<String, String, String> getInterfaceDetails(String interfaceName) throws SocketException {
+        NetworkInterface networkInterface = NetworkInterface.getByName(interfaceName);
+        if (networkInterface == null) {
+            logger.warn(String.format("Network interface: '%s' not found", interfaceName));
+            return new Ternary<>(null, null, null);
+        }
+        Enumeration<InetAddress> inetAddresses = networkInterface.getInetAddresses();
+        while (inetAddresses.hasMoreElements()) {
+            InetAddress inetAddress = inetAddresses.nextElement();
+            if (inetAddress instanceof java.net.Inet4Address) {
+                String ipAddress = inetAddress.getHostAddress();
+                String subnetMask = getSubnetMaskForAddress(networkInterface, inetAddress);
+                String macAddress = getMacAddress(networkInterface);
+                return new Ternary<>(ipAddress, subnetMask, macAddress);
+            }
+        }
+        return new Ternary<>(null, null, null);
+    }
+
     @Override
     public Answer execute(final OvsFetchInterfaceCommand command, final LibvirtComputingResource libvirtComputingResource) {
-        final String label = command.getLabel();
+        final String label = "'" + command.getLabel() + "'";
 
         s_logger.debug("Will look for network with name-label:" + label);
         try {
-            String ipadd = Script.runSimpleBashScript("ifconfig " + label + " | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'");
-            if (StringUtils.isEmpty(ipadd)) {
-                ipadd = Script.runSimpleBashScript("ifconfig " + label + " | grep ' inet ' | awk '{ print $2}'");
-            }
-            String mask = Script.runSimpleBashScript("ifconfig " + label + " | grep 'inet addr:' | cut -d: -f4");
-            if (StringUtils.isEmpty(mask)) {
-                mask = Script.runSimpleBashScript("ifconfig " + label + " | grep ' inet ' | awk '{ print $4}'");
-            }
-            String mac = Script.runSimpleBashScript("ifconfig " + label + " | grep HWaddr | awk -F \" \" '{print $5}'");
-            if (StringUtils.isEmpty(mac)) {
-                mac = Script.runSimpleBashScript("ifconfig " + label + " | grep ' ether ' | awk '{ print $2}'");
-            }
+            Ternary<String, String, String> interfaceDetails = getInterfaceDetails(label);
             return new OvsFetchInterfaceAnswer(command, true, "Interface " + label
-                    + " retrieved successfully", ipadd, mask, mac);
+                    + " retrieved successfully", interfaceDetails.first(), interfaceDetails.second(),
+                    interfaceDetails.third());
 
         } catch (final Exception e) {
             s_logger.warn("Caught execption when fetching interface", e);
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapper.java
index 3f281e54bba7..769482fa0d72 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapper.java
@@ -47,7 +47,6 @@
 import com.cloud.resource.ResourceWrapper;
 import com.cloud.storage.Volume;
 import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.script.Script;
 
 @ResourceWrapper(handles =  PrepareForMigrationCommand.class)
 public final class LibvirtPrepareForMigrationCommandWrapper extends CommandWrapper<PrepareForMigrationCommand, Answer, LibvirtComputingResource> {
@@ -126,9 +125,7 @@ public Answer execute(final PrepareForMigrationCommand command, final LibvirtCom
         } catch (final LibvirtException | CloudRuntimeException | InternalErrorException | URISyntaxException e) {
             if (MapUtils.isNotEmpty(dpdkInterfaceMapping)) {
                 for (DpdkTO to : dpdkInterfaceMapping.values()) {
-                    String cmd = String.format("ovs-vsctl del-port %s", to.getPort());
-                    s_logger.debug("Removing DPDK port: " + to.getPort());
-                    Script.runSimpleBashScript(cmd);
+                    removeDpdkPort(to.getPort());
                 }
             }
             return new PrepareForMigrationAnswer(command, e.toString());
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtReadyCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtReadyCommandWrapper.java
index fc57cd412f0c..0803fc2b9564 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtReadyCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtReadyCommandWrapper.java
@@ -19,9 +19,13 @@
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
+import org.apache.log4j.Logger;
+
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.ReadyAnswer;
 import com.cloud.agent.api.ReadyCommand;
@@ -31,8 +35,6 @@
 import com.cloud.resource.ResourceWrapper;
 import com.cloud.utils.script.Script;
 
-import org.apache.log4j.Logger;
-
 @ResourceWrapper(handles =  ReadyCommand.class)
 public final class LibvirtReadyCommandWrapper extends CommandWrapper<ReadyCommand, Answer, LibvirtComputingResource> {
 
@@ -50,12 +52,17 @@ public Answer execute(final ReadyCommand command, final LibvirtComputingResource
     }
 
     private boolean hostSupportsUefi(boolean isUbuntuHost) {
-        String cmd = "rpm -qa | grep -i ovmf";
+        int result;
         if (isUbuntuHost) {
-            cmd = "dpkg -l ovmf";
+            s_logger.debug("Running command : dpkg -l ovmf");
+            result = Script.executeCommandForExitValue(Script.getExecutableAbsolutePath("dpkg"), "-l", "ovmf");
+        } else {
+            s_logger.debug("Running command : rpm -qa | grep -i ovmf");
+            List<String[]> commands = new ArrayList<>();
+            commands.add(new String[]{Script.getExecutableAbsolutePath("rpm"), "-qa"});
+            commands.add(new String[]{Script.getExecutableAbsolutePath("grep"), "-i", "ovmf"});
+            result = Script.executePipedCommands(commands, 0).first();
         }
-        s_logger.debug("Running command : " + cmd);
-        int result = Script.runSimpleBashScriptForExitValue(cmd);
         s_logger.debug("Got result : " + result);
         return result == 0;
     }
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtRevokeDirectDownloadCertificateWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtRevokeDirectDownloadCertificateWrapper.java
index 6c83c4d9f066..f230d3f49733 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtRevokeDirectDownloadCertificateWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtRevokeDirectDownloadCertificateWrapper.java
@@ -19,6 +19,15 @@
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import org.apache.cloudstack.agent.directdownload.RevokeDirectDownloadCertificateCommand;
+import org.apache.cloudstack.utils.security.KeyStoreUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
 import com.cloud.agent.api.Answer;
 import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
 import com.cloud.resource.CommandWrapper;
@@ -26,14 +35,6 @@
 import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
-import org.apache.cloudstack.agent.directdownload.RevokeDirectDownloadCertificateCommand;
-import org.apache.cloudstack.utils.security.KeyStoreUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
 
 @ResourceWrapper(handles =  RevokeDirectDownloadCertificateCommand.class)
 public class LibvirtRevokeDirectDownloadCertificateWrapper extends CommandWrapper<RevokeDirectDownloadCertificateCommand, Answer, LibvirtComputingResource> {
@@ -84,17 +85,17 @@ public Answer execute(RevokeDirectDownloadCertificateCommand command, LibvirtCom
             }
 
             final String keyStoreFile = getKeyStoreFilePath(agentFile);
-
-            String checkCmd = String.format("keytool -list -alias %s -keystore %s -storepass %s",
-                    certificateAlias, keyStoreFile, privatePassword);
-            int existsCmdResult = Script.runSimpleBashScriptForExitValue(checkCmd);
+            String keyToolPath = Script.getExecutableAbsolutePath("keytool");
+            int existsCmdResult = Script.executeCommandForExitValue(keyToolPath, "-list", "-alias",
+                    sanitizeBashCommandArgument(certificateAlias), "-keystore", keyStoreFile, "-storepass",
+                    privatePassword);
             if (existsCmdResult == 1) {
                 s_logger.error("Certificate alias " + certificateAlias + " does not exist, no need to revoke it");
             } else {
-                String revokeCmd = String.format("keytool -delete -alias %s -keystore %s -storepass %s",
-                        certificateAlias, keyStoreFile, privatePassword);
                 s_logger.debug("Revoking certificate alias " + certificateAlias + " from keystore " + keyStoreFile);
-                Script.runSimpleBashScriptForExitValue(revokeCmd);
+                Script.executeCommandForExitValue(keyToolPath, "-delete", "-alias",
+                        sanitizeBashCommandArgument(certificateAlias), "-keystore", keyStoreFile, "-storepass",
+                        privatePassword);;
             }
         } catch (FileNotFoundException | CloudRuntimeException e) {
             s_logger.error("Error while setting up certificate " + certificateAlias, e);
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapper.java
index fff8da7c4ea3..0774d306b8a1 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapper.java
@@ -18,21 +18,26 @@
 //
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import org.apache.cloudstack.agent.directdownload.SetupDirectDownloadCertificateCommand;
+import org.apache.cloudstack.utils.security.KeyStoreUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+
 import com.cloud.agent.api.Answer;
 import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
 import com.cloud.resource.CommandWrapper;
 import com.cloud.resource.ResourceWrapper;
+import com.cloud.utils.FileUtil;
 import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
-import org.apache.cloudstack.agent.directdownload.SetupDirectDownloadCertificateCommand;
-import org.apache.cloudstack.utils.security.KeyStoreUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
 
 @ResourceWrapper(handles =  SetupDirectDownloadCertificateCommand.class)
 public class LibvirtSetupDirectDownloadCertificateCommandWrapper extends CommandWrapper<SetupDirectDownloadCertificateCommand, Answer, LibvirtComputingResource> {
@@ -79,9 +84,10 @@ private String getKeyStoreFilePath(File agentFile) {
      */
     private void importCertificate(String tempCerFilePath, String keyStoreFile, String certificateName, String privatePassword) {
         s_logger.debug("Importing certificate from temporary file to keystore");
-        String importCommandFormat = "keytool -importcert -file %s -keystore %s -alias '%s' -storepass '%s' -noprompt";
-        String importCmd = String.format(importCommandFormat, tempCerFilePath, keyStoreFile, certificateName, privatePassword);
-        int result = Script.runSimpleBashScriptForExitValue(importCmd);
+        String keyToolPath = Script.getExecutableAbsolutePath("keytool");
+        int result = Script.executeCommandForExitValue(keyToolPath, "-importcert", "file", tempCerFilePath,
+                "-keystore", keyStoreFile, "-alias", sanitizeBashCommandArgument(certificateName), "-storepass",
+                privatePassword, "-noprompt");
         if (result != 0) {
             s_logger.debug("Certificate " + certificateName + " not imported as it already exist on keystore");
         }
@@ -94,8 +100,7 @@ private String createTemporaryFile(File agentFile, String certificateName, Strin
         String tempCerFilePath = String.format("%s/%s-%s",
                 agentFile.getParent(), temporaryCertFilePrefix, certificateName);
         s_logger.debug("Creating temporary certificate file into: " + tempCerFilePath);
-        int result = Script.runSimpleBashScriptForExitValue(String.format("echo '%s' > %s", certificate, tempCerFilePath));
-        if (result != 0) {
+        if (!FileUtil.writeToFile(tempCerFilePath, certificate)) {
             throw new CloudRuntimeException("Could not create the certificate file on path: " + tempCerFilePath);
         }
         return tempCerFilePath;
@@ -104,9 +109,23 @@ private String createTemporaryFile(File agentFile, String certificateName, Strin
     /**
      * Remove temporary file
      */
-    private void cleanupTemporaryFile(String temporaryFile) {
+    protected void cleanupTemporaryFile(String temporaryFile) {
         s_logger.debug("Cleaning up temporary certificate file");
-        Script.runSimpleBashScript("rm -f " + temporaryFile);
+        if (StringUtils.isBlank(temporaryFile)) {
+            s_logger.debug("Provided temporary certificate file path is empty");
+            return;
+        }
+        try {
+            Path filePath = Paths.get(temporaryFile);
+            if (!Files.exists(filePath)) {
+                s_logger.debug("Temporary certificate file does not exist: " + temporaryFile);
+                return;
+            }
+            Files.delete(filePath);
+        } catch (IOException e) {
+            s_logger.warn(String.format("Error while cleaning up temporary file: %s", temporaryFile));
+            s_logger.debug(String.format("Error while cleaning up temporary file: %s", temporaryFile), e);
+        }
     }
 
     @Override
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapper.java
index 7ee6ccddf66e..518ee2b6f0a0 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapper.java
@@ -23,28 +23,27 @@
 import java.util.List;
 import java.util.Map;
 
-import com.cloud.agent.api.to.DpdkTO;
-import com.cloud.hypervisor.kvm.resource.LibvirtKvmAgentHook;
-import com.cloud.utils.Pair;
-import com.cloud.utils.script.Script;
-import com.cloud.utils.ssh.SshHelper;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.log4j.Logger;
 import org.libvirt.Connect;
 import org.libvirt.Domain;
 import org.libvirt.DomainInfo.DomainState;
+import org.libvirt.LibvirtException;
 
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.StopAnswer;
 import com.cloud.agent.api.StopCommand;
+import com.cloud.agent.api.to.DpdkTO;
 import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
+import com.cloud.hypervisor.kvm.resource.LibvirtKvmAgentHook;
 import com.cloud.hypervisor.kvm.resource.LibvirtVMDef.DiskDef;
 import com.cloud.hypervisor.kvm.resource.LibvirtVMDef.InterfaceDef;
 import com.cloud.hypervisor.kvm.resource.VifDriver;
 import com.cloud.resource.CommandWrapper;
 import com.cloud.resource.ResourceWrapper;
-import org.libvirt.LibvirtException;
+import com.cloud.utils.Pair;
+import com.cloud.utils.ssh.SshHelper;
 
 @ResourceWrapper(handles =  StopCommand.class)
 public final class LibvirtStopCommandWrapper extends CommandWrapper<StopCommand, Answer, LibvirtComputingResource> {
@@ -121,10 +120,7 @@ public Answer execute(final StopCommand command, final LibvirtComputingResource
                     Map<String, DpdkTO> dpdkInterfaceMapping = command.getDpdkInterfaceMapping();
                     if (MapUtils.isNotEmpty(dpdkInterfaceMapping)) {
                         for (DpdkTO to : dpdkInterfaceMapping.values()) {
-                            String portToRemove = to.getPort();
-                            String cmd = String.format("ovs-vsctl del-port %s", portToRemove);
-                            s_logger.debug("Removing DPDK port: " + portToRemove);
-                            Script.runSimpleBashScript(cmd);
+                            removeDpdkPort(to.getPort());
                         }
                     }
                 } else {
diff --git a/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapperTest.java b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapperTest.java
new file mode 100644
index 000000000000..fbc9c2bcb4bc
--- /dev/null
+++ b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapperTest.java
@@ -0,0 +1,105 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.hypervisor.kvm.resource.wrapper;
+
+import java.net.Inet4Address;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.UUID;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Spy;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import com.cloud.utils.StringUtils;
+import com.cloud.utils.Ternary;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(value = {LibvirtOvsFetchInterfaceCommandWrapper.class})
+public class LibvirtOvsFetchInterfaceCommandWrapperTest {
+
+    @Spy
+    LibvirtOvsFetchInterfaceCommandWrapper wrapper = new LibvirtOvsFetchInterfaceCommandWrapper();
+
+    @Test
+    public void testGetInterfaceDetailsValidValid() {
+        String interfaceName = null;
+        String ipAddress = null;
+        try {
+            Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces();
+            while(interfaces.hasMoreElements()) {
+                NetworkInterface networkInterface = interfaces.nextElement();
+                if (networkInterface.getInetAddresses().hasMoreElements() &&
+                        (networkInterface.getName().startsWith("eth") ||
+                                networkInterface.getName().startsWith("wl"))) {
+                    interfaceName = networkInterface.getName();
+                    Enumeration<InetAddress> addresses = networkInterface.getInetAddresses();
+                    while(addresses.hasMoreElements()) {
+                        InetAddress addr = addresses.nextElement();
+                        if (addr instanceof Inet4Address) {
+                            ipAddress  = addr.getHostAddress();
+                            break;
+                        };
+                    }
+                }
+            }
+        } catch (SocketException ignored) {}
+        Ternary<String, String, String> result = null;
+        try {
+            result = wrapper.getInterfaceDetails(interfaceName);
+        } catch (SocketException e) {
+            Assert.fail("Exception occurred: " + e.getMessage());
+        }
+        Assert.assertNotNull(result);
+        Assert.assertEquals(ipAddress, result.first().trim());
+    }
+
+    private String getTempFilepath() {
+        return String.format("%s/%s.txt", System.getProperty("java.io.tmpdir"), UUID.randomUUID());
+    }
+
+    private void runTestGetInterfaceDetailsForRandomInterfaceName(String arg) {
+        try {
+            Ternary<String, String, String> result = wrapper.getInterfaceDetails(arg);
+            Assert.assertTrue(StringUtils.isAllEmpty(result.first(), result.second(), result.third()));
+        } catch (SocketException e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
+
+    @Test
+    public void testGetInterfaceDetailsForRandomInterfaceName() {
+        List<String> commandVariants = List.of(
+                "';touch %s'",
+                ";touch %s",
+                "&& touch %s",
+                "|| touch %s",
+                UUID.randomUUID().toString());
+        for (String cmd : commandVariants) {
+            String filePath = getTempFilepath();
+            String arg = String.format(cmd, filePath);
+            runTestGetInterfaceDetailsForRandomInterfaceName(arg);
+        }
+    }
+}
diff --git a/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapperTest.java b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapperTest.java
index 5530819c2e43..e534f815e3d4 100644
--- a/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapperTest.java
+++ b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPrepareForMigrationCommandWrapperTest.java
@@ -1,4 +1,3 @@
-//
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
@@ -15,15 +14,14 @@
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
-//
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
-import com.cloud.agent.api.PrepareForMigrationAnswer;
-import com.cloud.agent.api.PrepareForMigrationCommand;
-import com.cloud.agent.api.to.DpdkTO;
-import com.cloud.agent.api.to.VirtualMachineTO;
-import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -33,8 +31,12 @@
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
-import java.util.HashMap;
-import java.util.Map;
+import com.cloud.agent.api.PrepareForMigrationAnswer;
+import com.cloud.agent.api.PrepareForMigrationCommand;
+import com.cloud.agent.api.to.DpdkTO;
+import com.cloud.agent.api.to.VirtualMachineTO;
+import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 @RunWith(PowerMockRunner.class)
 @PrepareForTest(value = {LibvirtPrepareForMigrationCommandWrapper.class})
@@ -72,4 +74,29 @@ public void createPrepareForMigrationAnswerTestVerifyThatCpuSharesIsSet() {
 
         Assert.assertEquals(cpuShares, prepareForMigrationAnswer.getNewVmCpuShares().intValue());
     }
+
+    private String getTempFilepath() {
+        return String.format("%s/%s.txt", System.getProperty("java.io.tmpdir"), UUID.randomUUID());
+    }
+
+    private void runTestRemoveDpdkPortForCommandInjection(String portWithCommand) {
+        try {
+            libvirtPrepareForMigrationCommandWrapperSpy.removeDpdkPort(portWithCommand);
+            Assert.fail(String.format("Command injection working for portWithCommand: %s", portWithCommand));
+        } catch (CloudRuntimeException ignored) {}
+    }
+
+    @Test
+    public void testRemoveDpdkPortForCommandInjection() {
+        List<String> commandVariants = List.of(
+                "';touch %s'",
+                ";touch %s",
+                "&& touch %s",
+                "|| touch %s",
+                UUID.randomUUID().toString());
+        for (String cmd : commandVariants) {
+            String portWithCommand = String.format(cmd, getTempFilepath());
+            runTestRemoveDpdkPortForCommandInjection(portWithCommand);
+        }
+    }
 }
diff --git a/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapperTest.java b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapperTest.java
new file mode 100644
index 000000000000..cd78733a2372
--- /dev/null
+++ b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtSetupDirectDownloadCertificateCommandWrapperTest.java
@@ -0,0 +1,93 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.cloud.hypervisor.kvm.resource.wrapper;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.List;
+import java.util.UUID;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Spy;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(value = {LibvirtSetupDirectDownloadCertificateCommandWrapper.class})
+public class LibvirtSetupDirectDownloadCertificateCommandWrapperTest {
+
+    @Spy
+    LibvirtSetupDirectDownloadCertificateCommandWrapper wrapper = new LibvirtSetupDirectDownloadCertificateCommandWrapper();
+
+    private String getTempFilepath() {
+        return String.format("%s/%s.txt", System.getProperty("java.io.tmpdir"), UUID.randomUUID());
+    }
+
+    private void runTestCleanupTemporaryFileForRandomFileNames(String fileWithCommand, String filePath) {
+        wrapper.cleanupTemporaryFile(fileWithCommand);
+        File f = new File(filePath);
+        if(f.exists() && !f.isDirectory()) {
+            Assert.fail(String.format("Command injection working for fileWithCommand: %s", fileWithCommand));
+        }
+    }
+
+    @Test
+    public void testCleanupTemporaryFileForRandomFileNames() {
+        List<String> commandVariants = List.of(
+                "';touch %s'",
+                ";touch %s",
+                "&& touch %s",
+                "|| touch %s",
+                "%s");
+        for (String cmd : commandVariants) {
+            String filePath = getTempFilepath();
+            String arg = String.format(cmd, filePath);
+            runTestCleanupTemporaryFileForRandomFileNames(arg, filePath);
+        }
+    }
+
+    private String createTempFile() {
+        String filePath = getTempFilepath();
+        Path path = Paths.get(getTempFilepath());
+        try {
+            if (Files.notExists(path)) {
+                Files.createFile(path);
+            }
+        } catch (IOException e) {
+            Assert.fail(String.format("Error while creating file: %s due to %s", filePath, e.getMessage()));
+        }
+        return filePath;
+    }
+
+    @Test
+    public void testCleanupTemporaryFileValid() {
+        String filePath = createTempFile();
+        wrapper.cleanupTemporaryFile(filePath);
+        File f = new File(filePath);
+        if(f.exists() && !f.isDirectory()) {
+            Assert.fail(String.format("Command injection working for fileWithCommand: %s", filePath));
+        }
+    }
+}
diff --git a/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapperTest.java b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapperTest.java
new file mode 100644
index 000000000000..c701946edaa0
--- /dev/null
+++ b/plugins/hypervisors/kvm/src/test/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapperTest.java
@@ -0,0 +1,63 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.hypervisor.kvm.resource.wrapper;
+
+import java.util.List;
+import java.util.UUID;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Spy;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(value = {LibvirtStopCommandWrapper.class})
+public class LibvirtStopCommandWrapperTest {
+
+    @Spy
+    LibvirtStopCommandWrapper wrapper = new LibvirtStopCommandWrapper();
+
+    private String getTempFilepath() {
+        return String.format("%s/%s.txt", System.getProperty("java.io.tmpdir"), UUID.randomUUID());
+    }
+
+    private void runTestRemoveDpdkPortForCommandInjection(String portWithCommand) {
+        try {
+            wrapper.removeDpdkPort(portWithCommand);
+            Assert.fail(String.format("Command injection working for portWithCommand: %s", portWithCommand));
+        } catch (CloudRuntimeException ignored) {}
+    }
+
+    @Test
+    public void testRemoveDpdkPortForCommandInjection() {
+        List<String> commandVariants = List.of(
+                "';touch %s'",
+                ";touch %s",
+                "&& touch %s",
+                "|| touch %s",
+                UUID.randomUUID().toString());
+        for (String cmd : commandVariants) {
+            String portWithCommand = String.format(cmd, getTempFilepath());
+            runTestRemoveDpdkPortForCommandInjection(portWithCommand);
+        }
+    }
+}
diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java
index 4a7259c6d335..cf0e689ed27d 100644
--- a/server/src/main/java/com/cloud/api/ApiServer.java
+++ b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -399,6 +399,17 @@ public void handleAsyncJobPublishEvent(String subject, String senderAddress, Obj
         }
     }
 
+    protected void setupIntegrationPortListener(Integer apiPort) {
+        if (apiPort == null || apiPort <= 0) {
+            s_logger.trace(String.format("Skipping setting up listener for integration port as %s is set to %d",
+                    IntegrationAPIPort.key(), apiPort));
+            return;
+        }
+        s_logger.debug(String.format("Setting up integration API service listener on port: %d", apiPort));
+        final ListenerThread listenerThread = new ListenerThread(this, apiPort);
+        listenerThread.start();
+    }
+
     @Override
     public boolean start() {
         Security.addProvider(new BouncyCastleProvider());
@@ -444,10 +455,7 @@ public boolean start() {
 
         setEncodeApiResponse(EncodeApiResponse.value());
 
-        if (apiPort != null) {
-            final ListenerThread listenerThread = new ListenerThread(this, apiPort);
-            listenerThread.start();
-        }
+        setupIntegrationPortListener(apiPort);
 
         return true;
     }
diff --git a/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java b/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java
index facad1add161..609c4d512a91 100644
--- a/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java
+++ b/server/src/main/java/org/apache/cloudstack/ca/CAManagerImpl.java
@@ -24,6 +24,7 @@
 import java.security.KeyStoreException;
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -432,6 +433,14 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {CAProviderPlugin, CertKeySize, CertSignatureAlgorithm, CertValidityPeriod, AutomaticCertRenewal, AllowHostIPInSysVMAgentCert, CABackgroundJobDelay, CertExpiryAlertPeriod};
+        return new ConfigKey<?>[] {CAProviderPlugin, CertKeySize, CertSignatureAlgorithm, CertValidityPeriod,
+                AutomaticCertRenewal, AllowHostIPInSysVMAgentCert, CABackgroundJobDelay, CertExpiryAlertPeriod,
+                CertManagementCustomSubjectAlternativeName
+        };
+    }
+
+    @Override
+    public boolean isManagementCertificate(java.security.cert.Certificate certificate) throws CertificateParsingException {
+        return getConfiguredCaProvider().isManagementCertificate(certificate);
     }
 }
diff --git a/server/src/test/java/com/cloud/api/ApiServerTest.java b/server/src/test/java/com/cloud/api/ApiServerTest.java
new file mode 100644
index 000000000000..2c7eebddc492
--- /dev/null
+++ b/server/src/test/java/com/cloud/api/ApiServerTest.java
@@ -0,0 +1,73 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mockito;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(ApiServer.class)
+public class ApiServerTest {
+
+    @InjectMocks
+    ApiServer apiServer = new ApiServer();
+
+    private List<ApiServer.ListenerThread> createdListeners;
+
+    private void runTestSetupIntegrationPortListenerInvalidPorts(Integer port) {
+        try {
+            ApiServer.ListenerThread mocked = Mockito.mock(ApiServer.ListenerThread.class);
+            PowerMockito.whenNew(ApiServer.ListenerThread.class).withAnyArguments().thenReturn(mocked);
+            apiServer.setupIntegrationPortListener(port);
+            Mockito.verify(mocked, Mockito.never()).start();
+        } catch (Exception e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
+
+    @Test
+    public void testSetupIntegrationPortListenerInvalidPorts() {
+        List<Integer> ports = new ArrayList<>(List.of(-1, -10, 0));
+        ports.add(null);
+        for (Integer port : ports) {
+            runTestSetupIntegrationPortListenerInvalidPorts(port);
+        }
+    }
+
+    @Test
+    public void testSetupIntegrationPortListenerValidPort() {
+        Integer validPort = 8080;
+        try {
+            ApiServer.ListenerThread mocked = Mockito.mock(ApiServer.ListenerThread.class);
+            PowerMockito.whenNew(ApiServer.ListenerThread.class).withAnyArguments().thenReturn(mocked);
+            apiServer.setupIntegrationPortListener(validPort);
+            PowerMockito.verifyNew(ApiServer.ListenerThread.class).withArguments(apiServer, validPort);
+            Mockito.verify(mocked).start();
+        } catch (Exception e) {
+            Assert.fail(String.format("Exception occurred: %s", e.getMessage()));
+        }
+    }
+}
diff --git a/utils/src/main/java/com/cloud/utils/FileUtil.java b/utils/src/main/java/com/cloud/utils/FileUtil.java
index d9bf08176874..fbb04e134dc7 100644
--- a/utils/src/main/java/com/cloud/utils/FileUtil.java
+++ b/utils/src/main/java/com/cloud/utils/FileUtil.java
@@ -21,15 +21,20 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.Arrays;
 import java.util.List;
 import java.util.stream.Collectors;
 
-import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.ssh.SshHelper;
 import org.apache.commons.io.FileUtils;
 import org.apache.log4j.Logger;
 
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.ssh.SshHelper;
+
 public class FileUtil {
     private static final Logger s_logger = Logger.getLogger(FileUtil.class);
 
@@ -57,4 +62,16 @@ public static void scpPatchFiles(String controlIp, String destPath, int sshPort,
         }
         throw new CloudRuntimeException(finalErrMsg);
     }
+
+    public static boolean writeToFile(String fileName, String content) {
+        Path filePath = Paths.get(fileName);
+        try {
+            Files.write(filePath, content.getBytes(StandardCharsets.UTF_8));
+            s_logger.debug(String.format("Successfully wrote to the file: %s", fileName));
+            return true;
+        } catch (IOException e) {
+            s_logger.error(String.format("Error writing to the file: %s", fileName), e);
+        }
+        return false;
+    }
 }
diff --git a/utils/src/main/java/com/cloud/utils/script/Script.java b/utils/src/main/java/com/cloud/utils/script/Script.java
index fb57f256690e..299ec2a91c05 100644
--- a/utils/src/main/java/com/cloud/utils/script/Script.java
+++ b/utils/src/main/java/com/cloud/utils/script/Script.java
@@ -19,14 +19,6 @@
 
 package com.cloud.utils.script;
 
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.concurrency.NamedThreadFactory;
-import com.cloud.utils.script.OutputInterpreter.TimedOutLogger;
-import org.apache.cloudstack.utils.security.KeyStoreUtils;
-import org.apache.commons.io.IOUtils;
-import org.apache.log4j.Logger;
-import org.joda.time.Duration;
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
@@ -40,10 +32,24 @@
 import java.util.List;
 import java.util.Properties;
 import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.stream.Collectors;
+
+import org.apache.cloudstack.utils.security.KeyStoreUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.log4j.Logger;
+import org.joda.time.Duration;
+
+import com.cloud.utils.Pair;
+import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.concurrency.NamedThreadFactory;
+import com.cloud.utils.script.OutputInterpreter.TimedOutLogger;
 
 public class Script implements Callable<String> {
     private static final Logger s_logger = Logger.getLogger(Script.class);
@@ -52,7 +58,7 @@ public class Script implements Callable<String> {
 
     public static final String ERR_EXECUTE = "execute.error";
     public static final String ERR_TIMEOUT = "timeout";
-    private int _defaultTimeout = 3600 * 1000; /* 1 hour */
+    private static final int DEFAULT_TIMEOUT = 3600 * 1000; /* 1 hour */
     private volatile boolean _isTimeOut = false;
 
     private boolean _passwordCommand = false;
@@ -84,7 +90,7 @@ public Script(String command, long timeout, Logger logger) {
         _timeout = timeout;
         if (_timeout == 0) {
             /* always using default timeout 1 hour to avoid thread hang */
-            _timeout = _defaultTimeout;
+            _timeout = DEFAULT_TIMEOUT;
         }
         _process = null;
         _logger = logger != null ? logger : s_logger;
@@ -486,16 +492,7 @@ public static String findScript(String path, String script) {
         return null;
     }
 
-    public static String runSimpleBashScript(String command) {
-        return Script.runSimpleBashScript(command, 0);
-    }
-
-    public static String runSimpleBashScript(String command, int timeout) {
-
-        Script s = new Script("/bin/bash", timeout);
-        s.add("-c");
-        s.add(command);
-
+    private static String runScript(Script s) {
         OutputInterpreter.OneLineParser parser = new OutputInterpreter.OneLineParser();
         if (s.execute(parser) != null)
             return null;
@@ -507,16 +504,83 @@ public static String runSimpleBashScript(String command, int timeout) {
             return result.trim();
     }
 
-    public static int runSimpleBashScriptForExitValue(String command) {
-        return runSimpleBashScriptForExitValue(command, 0);
-    }
-
-    public static int runSimpleBashScriptForExitValue(String command, int timeout) {
-
+    public static String runSimpleBashScript(String command, int timeout) {
         Script s = new Script("/bin/bash", timeout);
         s.add("-c");
         s.add(command);
+        return runScript(s);
+    }
 
+    public static String runSimpleBashScript(String command) {
+        return Script.runSimpleBashScript(command, 0);
+    }
+
+    public static String getExecutableAbsolutePath(String executable) {
+        for (String dirName : System.getenv("PATH").split(File.pathSeparator)) {
+            File file = new File(dirName, executable);
+            if (file.isFile() && file.canExecute()) {
+                return file.getAbsolutePath();
+            }
+        }
+        return executable;
+    }
+
+    private static Script getScriptForCommandRun(String... command) {
+        Script s = new Script(command[0], 0);
+        if (command.length > 1) {
+            for (int i = 1; i < command.length; ++i) {
+                s.add(command[i]);
+            }
+        }
+        return s;
+    }
+
+    public static String executeCommand(String... command) {
+        return runScript(getScriptForCommandRun(command));
+    }
+
+    public static int executeCommandForExitValue(String... command) {
+        return runScriptForExitValue(getScriptForCommandRun(command));
+    }
+
+    public static Pair<Integer, String> executePipedCommands(List<String[]> commands, long timeout) {
+        if (timeout <= 0) {
+            timeout = DEFAULT_TIMEOUT;
+        }
+        Callable<Pair<Integer, String>> commandRunner = () -> {
+            List<ProcessBuilder> builders = commands.stream().map(ProcessBuilder::new).collect(Collectors.toList());
+            List<Process> processes = ProcessBuilder.startPipeline(builders);
+            Process last = processes.get(processes.size()-1);
+            try (BufferedReader reader = new BufferedReader(new InputStreamReader(last.getInputStream()))) {
+                String line;
+                StringBuilder output = new StringBuilder();
+                while ((line = reader.readLine()) != null) {
+                    output.append(line).append(System.lineSeparator());
+                }
+                last.waitFor();
+                s_logger.debug("Piped commands executed successfully");
+                return new Pair<>(last.exitValue(), output.toString());
+            } catch (IOException | InterruptedException e) {
+                s_logger.error("Error executing piped commands", e);
+                return new Pair<>(-1, stackTraceAsString(e));
+            }
+        };
+
+        Future<Pair<Integer, String>> future = s_executors.submit(commandRunner);
+        Pair<Integer, String> result = new Pair<>(-1, ERR_EXECUTE);
+        try {
+            result = future.get(timeout, TimeUnit.MILLISECONDS);
+        } catch (TimeoutException e) {
+            s_logger.error("Piped command execution timed out, attempting to terminate the processes.");
+            future.cancel(true);
+            result.second(ERR_TIMEOUT);
+        } catch (InterruptedException | ExecutionException e) {
+            s_logger.error("Error executing piped commands", e);
+        }
+        return result;
+    }
+
+    private static int runScriptForExitValue(Script s) {
         String result = s.execute(null);
         if (result == null || result.trim().isEmpty())
             return -1;
@@ -529,4 +593,14 @@ public static int runSimpleBashScriptForExitValue(String command, int timeout) {
         }
     }
 
+    public static int runSimpleBashScriptForExitValue(String command) {
+        return runSimpleBashScriptForExitValue(command, 0);
+    }
+
+    public static int runSimpleBashScriptForExitValue(String command, int timeout) {
+        Script s = new Script("/bin/bash", timeout);
+        s.add("-c");
+        s.add(command);
+        return runScriptForExitValue(s);
+    }
 }
diff --git a/utils/src/test/java/com/cloud/utils/script/ScriptTest.java b/utils/src/test/java/com/cloud/utils/script/ScriptTest.java
new file mode 100644
index 000000000000..cc6047959da9
--- /dev/null
+++ b/utils/src/test/java/com/cloud/utils/script/ScriptTest.java
@@ -0,0 +1,81 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.utils.script;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import com.cloud.utils.Pair;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ScriptTest {
+
+    @Test
+    public void testExecutePipedCommandsSingle() {
+        String keyword = "Hello World!";
+        List<String[]> commands = new ArrayList<>();
+        commands.add(new String[]{"echo", keyword});
+        Pair<Integer, String> result = Script.executePipedCommands(commands, 0);
+        Assert.assertNotNull("Result should not be null", result);
+        Assert.assertEquals(0, result.first().intValue());
+        String output = result.second().trim();
+        Assert.assertTrue(StringUtils.isNotEmpty(output));
+        Assert.assertEquals(keyword, output);
+    }
+
+    @Test
+    public void testExecutePipedCommandsMultiple() {
+        String keyword = "Hello";
+        List<String[]> commands = Arrays.asList(
+                new String[]{"echo", String.format("%s\n World", keyword)},
+                new String[]{"grep", keyword}
+        );
+        Pair<Integer, String> result = Script.executePipedCommands(commands, 0);
+        Assert.assertNotNull("Result should not be null", result);
+        Assert.assertEquals(0, result.first().intValue());
+        String output = result.second().trim();
+        Assert.assertTrue(StringUtils.isNotEmpty(output));
+        Assert.assertEquals(keyword, output);
+    }
+
+    @Test
+    public void testExecutePipedCommandsTimeout() {
+        List<String[]> commands = new ArrayList<>();
+        commands.add(new String[]{"sh", "-c", "sleep 10"});
+        Pair<Integer, String> result = Script.executePipedCommands(commands, TimeUnit.SECONDS.toMillis(1));
+        Assert.assertNotNull("Result should not be null", result);
+        Assert.assertEquals(-1, result.first().intValue());
+        Assert.assertEquals(Script.ERR_TIMEOUT, result.second());
+    }
+
+    @Test
+    public void testGetExecutableAbsolutePath() {
+        if (System.getProperty("os.name").startsWith("Windows")) {
+            return;
+        }
+        String result = Script.getExecutableAbsolutePath("ls");
+        Assert.assertTrue(List.of("/usr/bin/ls", "/bin/ls").contains(result));
+    }
+}

From ef5b5bbd4e545bb4e8bc87f878a21da40ba486e8 Mon Sep 17 00:00:00 2001
From: Abhishek Kumar <abhishek.mrt22@gmail.com>
Date: Thu, 4 Jul 2024 16:16:56 +0530
Subject: [PATCH 02/24] Updating pom.xml version numbers for release 4.18.2.1

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---
 agent/pom.xml                                               | 2 +-
 api/pom.xml                                                 | 2 +-
 client/pom.xml                                              | 2 +-
 core/pom.xml                                                | 2 +-
 debian/changelog                                            | 6 ++++++
 developer/pom.xml                                           | 2 +-
 engine/api/pom.xml                                          | 2 +-
 engine/components-api/pom.xml                               | 2 +-
 engine/orchestration/pom.xml                                | 2 +-
 engine/pom.xml                                              | 2 +-
 engine/schema/pom.xml                                       | 2 +-
 engine/service/pom.xml                                      | 2 +-
 engine/storage/cache/pom.xml                                | 2 +-
 engine/storage/configdrive/pom.xml                          | 2 +-
 engine/storage/datamotion/pom.xml                           | 2 +-
 engine/storage/image/pom.xml                                | 2 +-
 engine/storage/integration-test/pom.xml                     | 2 +-
 engine/storage/pom.xml                                      | 2 +-
 engine/storage/snapshot/pom.xml                             | 2 +-
 engine/storage/volume/pom.xml                               | 2 +-
 framework/agent-lb/pom.xml                                  | 2 +-
 framework/ca/pom.xml                                        | 2 +-
 framework/cluster/pom.xml                                   | 2 +-
 framework/config/pom.xml                                    | 2 +-
 framework/db/pom.xml                                        | 2 +-
 framework/direct-download/pom.xml                           | 4 ++--
 framework/events/pom.xml                                    | 2 +-
 framework/ipc/pom.xml                                       | 2 +-
 framework/jobs/pom.xml                                      | 2 +-
 framework/managed-context/pom.xml                           | 2 +-
 framework/pom.xml                                           | 2 +-
 framework/quota/pom.xml                                     | 2 +-
 framework/rest/pom.xml                                      | 2 +-
 framework/security/pom.xml                                  | 2 +-
 framework/spring/lifecycle/pom.xml                          | 2 +-
 framework/spring/module/pom.xml                             | 2 +-
 plugins/acl/dynamic-role-based/pom.xml                      | 2 +-
 plugins/acl/project-role-based/pom.xml                      | 2 +-
 plugins/acl/static-role-based/pom.xml                       | 2 +-
 .../affinity-group-processors/explicit-dedication/pom.xml   | 2 +-
 plugins/affinity-group-processors/host-affinity/pom.xml     | 2 +-
 .../affinity-group-processors/host-anti-affinity/pom.xml    | 2 +-
 .../non-strict-host-affinity/pom.xml                        | 2 +-
 .../non-strict-host-anti-affinity/pom.xml                   | 4 ++--
 plugins/alert-handlers/snmp-alerts/pom.xml                  | 2 +-
 plugins/alert-handlers/syslog-alerts/pom.xml                | 2 +-
 plugins/api/discovery/pom.xml                               | 2 +-
 plugins/api/rate-limit/pom.xml                              | 2 +-
 plugins/api/solidfire-intg-test/pom.xml                     | 2 +-
 plugins/api/vmware-sioc/pom.xml                             | 2 +-
 plugins/backup/dummy/pom.xml                                | 2 +-
 plugins/backup/networker/pom.xml                            | 2 +-
 plugins/backup/veeam/pom.xml                                | 2 +-
 plugins/ca/root-ca/pom.xml                                  | 2 +-
 plugins/database/mysql-ha/pom.xml                           | 2 +-
 plugins/database/quota/pom.xml                              | 2 +-
 plugins/dedicated-resources/pom.xml                         | 2 +-
 plugins/deployment-planners/implicit-dedication/pom.xml     | 2 +-
 plugins/deployment-planners/user-concentrated-pod/pom.xml   | 2 +-
 plugins/deployment-planners/user-dispersing/pom.xml         | 2 +-
 plugins/event-bus/inmemory/pom.xml                          | 2 +-
 plugins/event-bus/kafka/pom.xml                             | 2 +-
 plugins/event-bus/rabbitmq/pom.xml                          | 2 +-
 plugins/ha-planners/skip-heurestics/pom.xml                 | 2 +-
 plugins/host-allocators/random/pom.xml                      | 2 +-
 plugins/hypervisors/baremetal/pom.xml                       | 2 +-
 plugins/hypervisors/hyperv/pom.xml                          | 2 +-
 plugins/hypervisors/kvm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm3/pom.xml                            | 2 +-
 plugins/hypervisors/simulator/pom.xml                       | 2 +-
 plugins/hypervisors/ucs/pom.xml                             | 2 +-
 plugins/hypervisors/vmware/pom.xml                          | 2 +-
 plugins/hypervisors/xenserver/pom.xml                       | 2 +-
 plugins/integrations/cloudian/pom.xml                       | 2 +-
 plugins/integrations/kubernetes-service/pom.xml             | 2 +-
 plugins/integrations/prometheus/pom.xml                     | 2 +-
 plugins/metrics/pom.xml                                     | 2 +-
 plugins/network-elements/bigswitch/pom.xml                  | 2 +-
 plugins/network-elements/brocade-vcs/pom.xml                | 2 +-
 plugins/network-elements/cisco-vnmc/pom.xml                 | 2 +-
 plugins/network-elements/dns-notifier/pom.xml               | 2 +-
 plugins/network-elements/elastic-loadbalancer/pom.xml       | 2 +-
 plugins/network-elements/globodns/pom.xml                   | 2 +-
 plugins/network-elements/internal-loadbalancer/pom.xml      | 2 +-
 plugins/network-elements/juniper-contrail/pom.xml           | 2 +-
 plugins/network-elements/netscaler/pom.xml                  | 2 +-
 plugins/network-elements/nicira-nvp/pom.xml                 | 2 +-
 plugins/network-elements/opendaylight/pom.xml               | 2 +-
 plugins/network-elements/ovs/pom.xml                        | 2 +-
 plugins/network-elements/palo-alto/pom.xml                  | 2 +-
 plugins/network-elements/stratosphere-ssp/pom.xml           | 2 +-
 plugins/network-elements/tungsten/pom.xml                   | 2 +-
 plugins/network-elements/vxlan/pom.xml                      | 2 +-
 plugins/outofbandmanagement-drivers/ipmitool/pom.xml        | 2 +-
 .../outofbandmanagement-drivers/nested-cloudstack/pom.xml   | 2 +-
 plugins/outofbandmanagement-drivers/redfish/pom.xml         | 2 +-
 plugins/pom.xml                                             | 2 +-
 plugins/storage-allocators/random/pom.xml                   | 2 +-
 plugins/storage/image/default/pom.xml                       | 2 +-
 plugins/storage/image/s3/pom.xml                            | 2 +-
 plugins/storage/image/sample/pom.xml                        | 2 +-
 plugins/storage/image/swift/pom.xml                         | 2 +-
 plugins/storage/volume/cloudbyte/pom.xml                    | 2 +-
 plugins/storage/volume/datera/pom.xml                       | 2 +-
 plugins/storage/volume/default/pom.xml                      | 2 +-
 plugins/storage/volume/linstor/pom.xml                      | 2 +-
 plugins/storage/volume/nexenta/pom.xml                      | 2 +-
 plugins/storage/volume/sample/pom.xml                       | 2 +-
 plugins/storage/volume/scaleio/pom.xml                      | 2 +-
 plugins/storage/volume/solidfire/pom.xml                    | 2 +-
 plugins/storage/volume/storpool/pom.xml                     | 2 +-
 plugins/user-authenticators/ldap/pom.xml                    | 2 +-
 plugins/user-authenticators/md5/pom.xml                     | 2 +-
 plugins/user-authenticators/pbkdf2/pom.xml                  | 2 +-
 plugins/user-authenticators/plain-text/pom.xml              | 2 +-
 plugins/user-authenticators/saml2/pom.xml                   | 2 +-
 plugins/user-authenticators/sha256salted/pom.xml            | 2 +-
 plugins/user-two-factor-authenticators/static-pin/pom.xml   | 2 +-
 plugins/user-two-factor-authenticators/totp/pom.xml         | 2 +-
 pom.xml                                                     | 2 +-
 quickcloud/pom.xml                                          | 2 +-
 server/pom.xml                                              | 2 +-
 services/console-proxy/pom.xml                              | 2 +-
 services/console-proxy/rdpconsole/pom.xml                   | 2 +-
 services/console-proxy/server/pom.xml                       | 2 +-
 services/pom.xml                                            | 2 +-
 services/secondary-storage/controller/pom.xml               | 2 +-
 services/secondary-storage/pom.xml                          | 2 +-
 services/secondary-storage/server/pom.xml                   | 2 +-
 systemvm/pom.xml                                            | 2 +-
 test/pom.xml                                                | 2 +-
 tools/apidoc/pom.xml                                        | 2 +-
 tools/checkstyle/pom.xml                                    | 2 +-
 tools/devcloud-kvm/pom.xml                                  | 2 +-
 tools/devcloud4/pom.xml                                     | 2 +-
 tools/marvin/pom.xml                                        | 2 +-
 tools/pom.xml                                               | 2 +-
 usage/pom.xml                                               | 2 +-
 utils/pom.xml                                               | 2 +-
 vmware-base/pom.xml                                         | 2 +-
 141 files changed, 148 insertions(+), 142 deletions(-)

diff --git a/agent/pom.xml b/agent/pom.xml
index 8e5ce34ead6f..8744b00f584f 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/api/pom.xml b/api/pom.xml
index 9abe33f5f2e7..8b3958375b51 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/client/pom.xml b/client/pom.xml
index 72aaef06bf26..c9ee60ec96fa 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <repositories>
         <repository>
diff --git a/core/pom.xml b/core/pom.xml
index 5f3b700a2ec5..2ca00934c961 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/debian/changelog b/debian/changelog
index 0e00be00556a..5afb868f9e1b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloudstack (4.18.2.1) unstable; urgency=low
+
+  * Update the version to 4.18.2.1
+
+ -- the Apache CloudStack project <dev@cloudstack.apache.org>  Thu, 04 Jul 2024 16:16:56 +0530
+
 cloudstack (4.18.2.0) unstable; urgency=low
 
   * Update the version to 4.18.2.0
diff --git a/developer/pom.xml b/developer/pom.xml
index ae1478791acf..f801fd91b23a 100644
--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/engine/api/pom.xml b/engine/api/pom.xml
index 0d82a0934ba3..6e39e8e075d7 100644
--- a/engine/api/pom.xml
+++ b/engine/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml
index 08e76eff9716..172630385bbe 100644
--- a/engine/components-api/pom.xml
+++ b/engine/components-api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml
index 5dc6652e2571..232e0d5dc3dd 100755
--- a/engine/orchestration/pom.xml
+++ b/engine/orchestration/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/pom.xml b/engine/pom.xml
index fe705a2e28e2..a53a00b6fb49 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index bf6d692e4dc2..38bab143994a 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/service/pom.xml b/engine/service/pom.xml
index 37fe927e8e5f..2b4c165cbe99 100644
--- a/engine/service/pom.xml
+++ b/engine/service/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <artifactId>cloud-engine-service</artifactId>
     <packaging>war</packaging>
diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml
index af52d38fbdfa..6083c352f9c5 100644
--- a/engine/storage/cache/pom.xml
+++ b/engine/storage/cache/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/configdrive/pom.xml b/engine/storage/configdrive/pom.xml
index baae787ee4c6..d64ab8ebc59a 100644
--- a/engine/storage/configdrive/pom.xml
+++ b/engine/storage/configdrive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml
index 82c4422e4451..4efdc097701e 100644
--- a/engine/storage/datamotion/pom.xml
+++ b/engine/storage/datamotion/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml
index 185cda917185..0c0fc21fc23b 100644
--- a/engine/storage/image/pom.xml
+++ b/engine/storage/image/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml
index 511e0bba7ed2..f6cc032648a8 100644
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml
index ec80c31eb435..e1c0ca666b45 100644
--- a/engine/storage/pom.xml
+++ b/engine/storage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml
index f3910ee1ca1e..908fba405231 100644
--- a/engine/storage/snapshot/pom.xml
+++ b/engine/storage/snapshot/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml
index 606cf1c6570e..a510276963bd 100644
--- a/engine/storage/volume/pom.xml
+++ b/engine/storage/volume/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/agent-lb/pom.xml b/framework/agent-lb/pom.xml
index 46f575b700aa..dbcd47c20834 100644
--- a/framework/agent-lb/pom.xml
+++ b/framework/agent-lb/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/ca/pom.xml b/framework/ca/pom.xml
index f7d3ea5456b5..57665d610d83 100644
--- a/framework/ca/pom.xml
+++ b/framework/ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml
index e40425ad9385..be7ce8b7541b 100644
--- a/framework/cluster/pom.xml
+++ b/framework/cluster/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/config/pom.xml b/framework/config/pom.xml
index 5f69563a72dd..76355ef3b5fb 100644
--- a/framework/config/pom.xml
+++ b/framework/config/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/db/pom.xml b/framework/db/pom.xml
index 73608f274641..906e9c040bbc 100644
--- a/framework/db/pom.xml
+++ b/framework/db/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/direct-download/pom.xml b/framework/direct-download/pom.xml
index 3d649c72e06a..fb4cbd47595d 100644
--- a/framework/direct-download/pom.xml
+++ b/framework/direct-download/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-utils</artifactId>
-            <version>4.18.2.0</version>
+            <version>4.18.2.1</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/framework/events/pom.xml b/framework/events/pom.xml
index 82077bc1067f..4f4e570fe2cf 100644
--- a/framework/events/pom.xml
+++ b/framework/events/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml
index c48b587543d6..3af16c327727 100644
--- a/framework/ipc/pom.xml
+++ b/framework/ipc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml
index 37f30f78eaa0..cb0c1c2e3069 100644
--- a/framework/jobs/pom.xml
+++ b/framework/jobs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml
index dc763da73ff9..1383870a7dad 100644
--- a/framework/managed-context/pom.xml
+++ b/framework/managed-context/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/pom.xml b/framework/pom.xml
index d7257df652d8..4f3c19850967 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <build>
         <plugins>
diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml
index ad0721b9a2da..92abcb30b260 100644
--- a/framework/quota/pom.xml
+++ b/framework/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml
index 8d3d4b083f73..5335883db274 100644
--- a/framework/rest/pom.xml
+++ b/framework/rest/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-framework-rest</artifactId>
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
index bf6ed0f8173e..7f3f46169265 100644
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml
index d74b811f0a86..8dc7bd6c4bf4 100644
--- a/framework/spring/lifecycle/pom.xml
+++ b/framework/spring/lifecycle/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml
index c88976edae8b..bc649834ed62 100644
--- a/framework/spring/module/pom.xml
+++ b/framework/spring/module/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/acl/dynamic-role-based/pom.xml b/plugins/acl/dynamic-role-based/pom.xml
index ddea7a2a4aeb..dc1353b40b23 100644
--- a/plugins/acl/dynamic-role-based/pom.xml
+++ b/plugins/acl/dynamic-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/project-role-based/pom.xml b/plugins/acl/project-role-based/pom.xml
index 641087faa1a8..b8d6cb403868 100644
--- a/plugins/acl/project-role-based/pom.xml
+++ b/plugins/acl/project-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml
index 8c177f006dcf..d06754879617 100644
--- a/plugins/acl/static-role-based/pom.xml
+++ b/plugins/acl/static-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml
index be20f0086058..8c7c3426854e 100644
--- a/plugins/affinity-group-processors/explicit-dedication/pom.xml
+++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-affinity/pom.xml b/plugins/affinity-group-processors/host-affinity/pom.xml
index 44adc427d615..83cfd77c2625 100644
--- a/plugins/affinity-group-processors/host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
index 9645f8d99776..7ae16313b2e8 100644
--- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
index 4ec855180ff8..73657cd3db30 100644
--- a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
index 2b2268832a59..be4fff6315a7 100644
--- a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-plugin-non-strict-host-affinity</artifactId>
-            <version>4.18.2.0</version>
+            <version>4.18.2.1</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml
index d33765766434..fcb65da3fec0 100644
--- a/plugins/alert-handlers/snmp-alerts/pom.xml
+++ b/plugins/alert-handlers/snmp-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml
index 7743c7f8f90a..fa0897bc04cc 100644
--- a/plugins/alert-handlers/syslog-alerts/pom.xml
+++ b/plugins/alert-handlers/syslog-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml
index 58e7d9cf68c3..a561edc1ee56 100644
--- a/plugins/api/discovery/pom.xml
+++ b/plugins/api/discovery/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml
index ce6fa116aea8..c568911cd944 100644
--- a/plugins/api/rate-limit/pom.xml
+++ b/plugins/api/rate-limit/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml
index 8ae804f6ef3c..345d81735191 100644
--- a/plugins/api/solidfire-intg-test/pom.xml
+++ b/plugins/api/solidfire-intg-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/vmware-sioc/pom.xml b/plugins/api/vmware-sioc/pom.xml
index 304c00a42fc0..8cd02d81c519 100644
--- a/plugins/api/vmware-sioc/pom.xml
+++ b/plugins/api/vmware-sioc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/dummy/pom.xml b/plugins/backup/dummy/pom.xml
index 900e27b44391..154b97791f41 100644
--- a/plugins/backup/dummy/pom.xml
+++ b/plugins/backup/dummy/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/networker/pom.xml b/plugins/backup/networker/pom.xml
index d150442b133c..edfe7fa434dc 100644
--- a/plugins/backup/networker/pom.xml
+++ b/plugins/backup/networker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/veeam/pom.xml b/plugins/backup/veeam/pom.xml
index a7535ce529d5..602b10fcd6ce 100644
--- a/plugins/backup/veeam/pom.xml
+++ b/plugins/backup/veeam/pom.xml
@@ -23,7 +23,7 @@
   <parent>
     <artifactId>cloudstack-plugins</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.18.2.0</version>
+    <version>4.18.2.1</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
 
diff --git a/plugins/ca/root-ca/pom.xml b/plugins/ca/root-ca/pom.xml
index a07a90975250..f6ee168a4bfe 100644
--- a/plugins/ca/root-ca/pom.xml
+++ b/plugins/ca/root-ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml
index 550221762c80..964ef3331457 100644
--- a/plugins/database/mysql-ha/pom.xml
+++ b/plugins/database/mysql-ha/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml
index 91b03374e712..964225c9f0e4 100644
--- a/plugins/database/quota/pom.xml
+++ b/plugins/database/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml
index 43e182f15196..cfc1bb4904ff 100644
--- a/plugins/dedicated-resources/pom.xml
+++ b/plugins/dedicated-resources/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml
index 4efeea3eba3c..928a387e7dc2 100644
--- a/plugins/deployment-planners/implicit-dedication/pom.xml
+++ b/plugins/deployment-planners/implicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml
index 9e6109f9d14a..1d4d065a329b 100644
--- a/plugins/deployment-planners/user-concentrated-pod/pom.xml
+++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml
index 0e477f3a7ba6..63b6d63f4ffc 100644
--- a/plugins/deployment-planners/user-dispersing/pom.xml
+++ b/plugins/deployment-planners/user-dispersing/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml
index fd8fc84426d2..41c9d06dd55b 100644
--- a/plugins/event-bus/inmemory/pom.xml
+++ b/plugins/event-bus/inmemory/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml
index 054ab5649dbc..a69203a0d145 100644
--- a/plugins/event-bus/kafka/pom.xml
+++ b/plugins/event-bus/kafka/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml
index 39e1f39c9263..963f90f398ea 100644
--- a/plugins/event-bus/rabbitmq/pom.xml
+++ b/plugins/event-bus/rabbitmq/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml
index 2d55d2ad5338..811c3d73da24 100644
--- a/plugins/ha-planners/skip-heurestics/pom.xml
+++ b/plugins/ha-planners/skip-heurestics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml
index 009aad27ce1d..20a5f722b88a 100644
--- a/plugins/host-allocators/random/pom.xml
+++ b/plugins/host-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml
index 9ac6ad12a748..582f50bd3673 100755
--- a/plugins/hypervisors/baremetal/pom.xml
+++ b/plugins/hypervisors/baremetal/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-baremetal</artifactId>
diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml
index 9026da8586da..7bf4fd633120 100644
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml
index 9547d300e764..719563f631e6 100644
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml
index 4a5be202ae4e..70915b322345 100644
--- a/plugins/hypervisors/ovm/pom.xml
+++ b/plugins/hypervisors/ovm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml
index 42f4e6902b28..b4c5f7c8ba49 100644
--- a/plugins/hypervisors/ovm3/pom.xml
+++ b/plugins/hypervisors/ovm3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml
index c930ffdf5cd2..ea2cdbf48901 100644
--- a/plugins/hypervisors/simulator/pom.xml
+++ b/plugins/hypervisors/simulator/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-simulator</artifactId>
diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml
index 1fa566f72157..9d23d25f4f75 100644
--- a/plugins/hypervisors/ucs/pom.xml
+++ b/plugins/hypervisors/ucs/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-ucs</artifactId>
diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml
index 0eebbab7f8d0..fce4e770d3f4 100644
--- a/plugins/hypervisors/vmware/pom.xml
+++ b/plugins/hypervisors/vmware/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml
index 4cce4b50a9a3..f9140377fa9b 100644
--- a/plugins/hypervisors/xenserver/pom.xml
+++ b/plugins/hypervisors/xenserver/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/cloudian/pom.xml b/plugins/integrations/cloudian/pom.xml
index 92018a69a839..1840d96d12f3 100644
--- a/plugins/integrations/cloudian/pom.xml
+++ b/plugins/integrations/cloudian/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
index 153ac7c2a363..8ce4693c8d74 100644
--- a/plugins/integrations/kubernetes-service/pom.xml
+++ b/plugins/integrations/kubernetes-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/prometheus/pom.xml b/plugins/integrations/prometheus/pom.xml
index d409bccdded4..e9f1f1239c4f 100644
--- a/plugins/integrations/prometheus/pom.xml
+++ b/plugins/integrations/prometheus/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/metrics/pom.xml b/plugins/metrics/pom.xml
index 891655f19e67..1aacce08b620 100644
--- a/plugins/metrics/pom.xml
+++ b/plugins/metrics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml
index cd9e2e828693..4a9678c5aeb3 100644
--- a/plugins/network-elements/bigswitch/pom.xml
+++ b/plugins/network-elements/bigswitch/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml
index 8280c0dbc856..f7f9231c0ee5 100644
--- a/plugins/network-elements/brocade-vcs/pom.xml
+++ b/plugins/network-elements/brocade-vcs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
index 9d59383ac1c0..ee463848d9e1 100644
--- a/plugins/network-elements/cisco-vnmc/pom.xml
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml
index 6606af6ce22d..0d99940a036a 100644
--- a/plugins/network-elements/dns-notifier/pom.xml
+++ b/plugins/network-elements/dns-notifier/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-example-dns-notifier</artifactId>
diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml
index da8dabb2072e..adfb33b80015 100644
--- a/plugins/network-elements/elastic-loadbalancer/pom.xml
+++ b/plugins/network-elements/elastic-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml
index e1cdcf6da094..600a6ff19023 100644
--- a/plugins/network-elements/globodns/pom.xml
+++ b/plugins/network-elements/globodns/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml
index 48fa497a0242..dbe03c2182bd 100644
--- a/plugins/network-elements/internal-loadbalancer/pom.xml
+++ b/plugins/network-elements/internal-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml
index 3462c3d4268c..06c532973149 100644
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <repositories>
diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml
index 8c529122fe51..22c21cf52d8d 100644
--- a/plugins/network-elements/netscaler/pom.xml
+++ b/plugins/network-elements/netscaler/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml
index d4d069d19d4a..bcd6c946c8e9 100644
--- a/plugins/network-elements/nicira-nvp/pom.xml
+++ b/plugins/network-elements/nicira-nvp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml
index fc17ec115198..b78e5a9ccff9 100644
--- a/plugins/network-elements/opendaylight/pom.xml
+++ b/plugins/network-elements/opendaylight/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <profiles>
diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml
index 2b44bdeda8cf..1e08956fd392 100644
--- a/plugins/network-elements/ovs/pom.xml
+++ b/plugins/network-elements/ovs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
index b2c996e300db..703026815dba 100644
--- a/plugins/network-elements/palo-alto/pom.xml
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml
index 9d0df91cd748..500bdb55bd9e 100644
--- a/plugins/network-elements/stratosphere-ssp/pom.xml
+++ b/plugins/network-elements/stratosphere-ssp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/tungsten/pom.xml b/plugins/network-elements/tungsten/pom.xml
index 1a3fabeee5d1..cb5780e24f52 100644
--- a/plugins/network-elements/tungsten/pom.xml
+++ b/plugins/network-elements/tungsten/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml
index f65933ac8ceb..0394869df11c 100644
--- a/plugins/network-elements/vxlan/pom.xml
+++ b/plugins/network-elements/vxlan/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
index cd185419d680..8e42c40b2717 100644
--- a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
+++ b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
index 3d7cd527cf96..894ba626b336 100644
--- a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
+++ b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/redfish/pom.xml b/plugins/outofbandmanagement-drivers/redfish/pom.xml
index ac4559a2fe31..e950f68cd3b8 100644
--- a/plugins/outofbandmanagement-drivers/redfish/pom.xml
+++ b/plugins/outofbandmanagement-drivers/redfish/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 82788e308629..e8b61824558c 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <build>
         <plugins>
diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml
index 04972d333c35..5d75ec80240a 100644
--- a/plugins/storage-allocators/random/pom.xml
+++ b/plugins/storage-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml
index e0697f548f07..0603a15a70ff 100644
--- a/plugins/storage/image/default/pom.xml
+++ b/plugins/storage/image/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml
index 780ead3aa3a9..24da4b04ac54 100644
--- a/plugins/storage/image/s3/pom.xml
+++ b/plugins/storage/image/s3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml
index 6c15672a6a6f..207e8824d13e 100644
--- a/plugins/storage/image/sample/pom.xml
+++ b/plugins/storage/image/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml
index f5cf6a09b2ed..a48208ac1291 100644
--- a/plugins/storage/image/swift/pom.xml
+++ b/plugins/storage/image/swift/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml
index cf0137d98ce5..82d7da38ec46 100644
--- a/plugins/storage/volume/cloudbyte/pom.xml
+++ b/plugins/storage/volume/cloudbyte/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/datera/pom.xml b/plugins/storage/volume/datera/pom.xml
index 347b0bf941b8..140cd77afcbb 100644
--- a/plugins/storage/volume/datera/pom.xml
+++ b/plugins/storage/volume/datera/pom.xml
@@ -16,7 +16,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack-plugins</artifactId>
-    <version>4.18.2.0</version>
+    <version>4.18.2.1</version>
     <relativePath>../../../pom.xml</relativePath>
   </parent>
   <dependencies>
diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml
index c91cb5e8744f..fd80c47489ff 100644
--- a/plugins/storage/volume/default/pom.xml
+++ b/plugins/storage/volume/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/linstor/pom.xml b/plugins/storage/volume/linstor/pom.xml
index 9276f23846cb..aa1922ac3c8b 100644
--- a/plugins/storage/volume/linstor/pom.xml
+++ b/plugins/storage/volume/linstor/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml
index 069123afa2fb..2cc4325e75f4 100644
--- a/plugins/storage/volume/nexenta/pom.xml
+++ b/plugins/storage/volume/nexenta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml
index ab6d5d610193..7ea5bc2c7901 100644
--- a/plugins/storage/volume/sample/pom.xml
+++ b/plugins/storage/volume/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/scaleio/pom.xml b/plugins/storage/volume/scaleio/pom.xml
index c8945d57fb4e..01cbf043de27 100644
--- a/plugins/storage/volume/scaleio/pom.xml
+++ b/plugins/storage/volume/scaleio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml
index fa35ba071434..16513b84c11f 100644
--- a/plugins/storage/volume/solidfire/pom.xml
+++ b/plugins/storage/volume/solidfire/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/storpool/pom.xml b/plugins/storage/volume/storpool/pom.xml
index a5fe63ef19cf..11013359782c 100644
--- a/plugins/storage/volume/storpool/pom.xml
+++ b/plugins/storage/volume/storpool/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index 74f5313cff92..a833c832d1ae 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml
index 26c8aac82198..74657bb24709 100644
--- a/plugins/user-authenticators/md5/pom.xml
+++ b/plugins/user-authenticators/md5/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml
index 24f6920894bf..998cdbf36a1a 100644
--- a/plugins/user-authenticators/pbkdf2/pom.xml
+++ b/plugins/user-authenticators/pbkdf2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml
index 2849b71ce958..6546af87584a 100644
--- a/plugins/user-authenticators/plain-text/pom.xml
+++ b/plugins/user-authenticators/plain-text/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index a4e3021f5d80..ed7df70a1fe0 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml
index 2b888e62facf..b9676ecc68a1 100644
--- a/plugins/user-authenticators/sha256salted/pom.xml
+++ b/plugins/user-authenticators/sha256salted/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/static-pin/pom.xml b/plugins/user-two-factor-authenticators/static-pin/pom.xml
index e4df652c872f..7c63b8ccccfb 100644
--- a/plugins/user-two-factor-authenticators/static-pin/pom.xml
+++ b/plugins/user-two-factor-authenticators/static-pin/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/plugins/user-two-factor-authenticators/totp/pom.xml b/plugins/user-two-factor-authenticators/totp/pom.xml
index 48b48b22e57f..868516193117 100644
--- a/plugins/user-two-factor-authenticators/totp/pom.xml
+++ b/plugins/user-two-factor-authenticators/totp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 932af8da94d6..67f08227e1be 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.18.2.0</version>
+    <version>4.18.2.1</version>
     <packaging>pom</packaging>
     <name>Apache CloudStack</name>
     <description>Apache CloudStack is an IaaS ("Infrastructure as a Service") cloud orchestration platform.</description>
diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml
index a3731e87e2a6..811f09bf47ff 100644
--- a/quickcloud/pom.xml
+++ b/quickcloud/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/server/pom.xml b/server/pom.xml
index 69773b703405..c28b0947ff42 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <repositories>
         <repository>
diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml
index 6eface4e5e43..53c476af2bcf 100644
--- a/services/console-proxy/pom.xml
+++ b/services/console-proxy/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
index 05b8c6570035..f18a8c18fd89 100644
--- a/services/console-proxy/rdpconsole/pom.xml
+++ b/services/console-proxy/rdpconsole/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml
index ee9dda1d13b4..8e0752f3c8aa 100644
--- a/services/console-proxy/server/pom.xml
+++ b/services/console-proxy/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/pom.xml b/services/pom.xml
index 75c78a2a711d..4c18da9bb2af 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml
index cd550ec73ac8..dd74a635f777 100644
--- a/services/secondary-storage/controller/pom.xml
+++ b/services/secondary-storage/controller/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml
index a0a5d75e64a8..29ad948255e7 100644
--- a/services/secondary-storage/pom.xml
+++ b/services/secondary-storage/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml
index 9768640082cc..f83575db62da 100644
--- a/services/secondary-storage/server/pom.xml
+++ b/services/secondary-storage/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/systemvm/pom.xml b/systemvm/pom.xml
index c8b3fbef8647..ab7b62441b7f 100644
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/test/pom.xml b/test/pom.xml
index edf230013361..d676230037d3 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml
index 79b7e322e23d..31aa0d0d5a2f 100644
--- a/tools/apidoc/pom.xml
+++ b/tools/apidoc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml
index f36c151c4d58..f745f5881e63 100644
--- a/tools/checkstyle/pom.xml
+++ b/tools/checkstyle/pom.xml
@@ -22,7 +22,7 @@
     <name>Apache CloudStack Developer Tools - Checkstyle Configuration</name>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>checkstyle</artifactId>
-    <version>4.18.2.0</version>
+    <version>4.18.2.1</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml
index ef5e36d29e80..32a73787206f 100644
--- a/tools/devcloud-kvm/pom.xml
+++ b/tools/devcloud-kvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml
index 791fce4e3bf2..550d11785b43 100644
--- a/tools/devcloud4/pom.xml
+++ b/tools/devcloud4/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml
index caaa22260048..f99b93e791d5 100644
--- a/tools/marvin/pom.xml
+++ b/tools/marvin/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/pom.xml b/tools/pom.xml
index b047ab96c7ca..ac6b9cd23276 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/usage/pom.xml b/usage/pom.xml
index f64813a3fa94..f39ac6e72e55 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/utils/pom.xml b/utils/pom.xml
index 766eed66dd70..963230d64a52 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml
index 0ee115006a3a..a342d9f4ddf2 100644
--- a/vmware-base/pom.xml
+++ b/vmware-base/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.0</version>
+        <version>4.18.2.1</version>
     </parent>
     <dependencies>
         <dependency>

From f0faa4a6b3023f7e0b24d072c0a6de3a81dedfed Mon Sep 17 00:00:00 2001
From: Abhishek Kumar <abhishek.mrt22@gmail.com>
Date: Mon, 15 Jul 2024 17:33:05 +0530
Subject: [PATCH 03/24] saml: signature check improvements

Adminstrators should ensure that IDP configuration has a signing certificate for the actual signature check to be performed. In addition to this, this change introduces a new global setting saml2.check.signature, with the default value of true, which can deliberately fail a SAML login attempt when the SAML response has a missing signature.
Purges the SAML token upon handling the first SAML response.

Authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---
 .../SAML2LoginAPIAuthenticatorCmd.java        | 16 ++++--
 .../cloudstack/saml/SAML2AuthManager.java     | 50 ++++++++++---------
 .../cloudstack/saml/SAML2AuthManagerImpl.java |  9 +++-
 .../SAML2LoginAPIAuthenticatorCmdTest.java    | 24 +++++++++
 4 files changed, 72 insertions(+), 27 deletions(-)

diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index 6bb3e788a95c..332e06027844 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -144,6 +144,14 @@ public Response processSAMLResponse(String responseMessage) {
         return responseObject;
     }
 
+    protected void checkAndFailOnMissingSAMLSignature(Signature signature) {
+        if (signature == null && SAML2AuthManager.SAMLCheckSignature.value()) {
+            s_logger.error("Failing SAML login due to missing signature in the SAML response and signature check is enforced. " +
+                    "Please check and ensure the IDP configuration has signing certificate or relax the saml2.check.signature setting.");
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Signature is missing from the SAML Response. Please contact the Administrator");
+        }
+    }
+
     @Override
     public String authenticate(final String command, final Map<String, Object[]> params, final HttpSession session, final InetAddress remoteAddress, final String responseType, final StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
         try {
@@ -220,11 +228,13 @@ public String authenticate(final String command, final Map<String, Object[]> par
                             "Received SAML response for a SSO request that we may not have made or has expired, please try logging in again",
                             params, responseType));
                 }
+                samlAuthManager.purgeToken(token);
 
                 // Set IdpId for this session
                 session.setAttribute(SAMLPluginConstants.SAML_IDPID, issuer.getValue());
 
                 Signature sig = processedSAMLResponse.getSignature();
+                checkAndFailOnMissingSAMLSignature(sig);
                 if (idpMetadata.getSigningCertificate() != null && sig != null) {
                     BasicX509Credential credential = new BasicX509Credential();
                     credential.setEntityCertificate(idpMetadata.getSigningCertificate());
@@ -238,9 +248,8 @@ public String authenticate(final String command, final Map<String, Object[]> par
                                 params, responseType));
                     }
                 }
-                if (username == null) {
-                    username = SAMLUtils.getValueFromAssertions(processedSAMLResponse.getAssertions(), SAML2AuthManager.SAMLUserAttributeName.value());
-                }
+
+                username = SAMLUtils.getValueFromAssertions(processedSAMLResponse.getAssertions(), SAML2AuthManager.SAMLUserAttributeName.value());
 
                 for (Assertion assertion: processedSAMLResponse.getAssertions()) {
                     if (assertion!= null && assertion.getSubject() != null && assertion.getSubject().getNameID() != null) {
@@ -272,6 +281,7 @@ public String authenticate(final String command, final Map<String, Object[]> par
                                 continue;
                             }
                             Signature encSig = assertion.getSignature();
+                            checkAndFailOnMissingSAMLSignature(encSig);
                             if (idpMetadata.getSigningCertificate() != null && encSig != null) {
                                 BasicX509Credential sigCredential = new BasicX509Credential();
                                 sigCredential.setEntityCertificate(idpMetadata.getSigningCertificate());
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
index e52a7e32695f..3a4030f9c0d8 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -25,59 +25,63 @@
 
 public interface SAML2AuthManager extends PluggableAPIAuthenticator, PluggableService {
 
-    public static final ConfigKey<Boolean> SAMLIsPluginEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.enabled", "false",
+    ConfigKey<Boolean> SAMLIsPluginEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.enabled", "false",
             "Indicates whether SAML SSO plugin is enabled or not", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderID = new ConfigKey<String>("Advanced", String.class, "saml2.sp.id", "org.apache.cloudstack",
+    ConfigKey<String> SAMLServiceProviderID = new ConfigKey<String>("Advanced", String.class, "saml2.sp.id", "org.apache.cloudstack",
             "SAML2 Service Provider Identifier String", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderContactPersonName = new ConfigKey<String>("Advanced", String.class, "saml2.sp.contact.person", "CloudStack Developers",
+    ConfigKey<String> SAMLServiceProviderContactPersonName = new ConfigKey<String>("Advanced", String.class, "saml2.sp.contact.person", "CloudStack Developers",
             "SAML2 Service Provider Contact Person Name", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderContactEmail = new ConfigKey<String>("Advanced", String.class, "saml2.sp.contact.email", "dev@cloudstack.apache.org",
+    ConfigKey<String> SAMLServiceProviderContactEmail = new ConfigKey<String>("Advanced", String.class, "saml2.sp.contact.email", "dev@cloudstack.apache.org",
             "SAML2 Service Provider Contact Email Address", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderOrgName = new ConfigKey<String>("Advanced", String.class, "saml2.sp.org.name", "Apache CloudStack",
+    ConfigKey<String> SAMLServiceProviderOrgName = new ConfigKey<String>("Advanced", String.class, "saml2.sp.org.name", "Apache CloudStack",
             "SAML2 Service Provider Organization Name", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderOrgUrl = new ConfigKey<String>("Advanced", String.class, "saml2.sp.org.url", "http://cloudstack.apache.org",
+    ConfigKey<String> SAMLServiceProviderOrgUrl = new ConfigKey<String>("Advanced", String.class, "saml2.sp.org.url", "http://cloudstack.apache.org",
             "SAML2 Service Provider Organization URL", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderSingleSignOnURL = new ConfigKey<String>("Advanced", String.class, "saml2.sp.sso.url", "http://localhost:8080/client/api?command=samlSso",
+    ConfigKey<String> SAMLServiceProviderSingleSignOnURL = new ConfigKey<String>("Advanced", String.class, "saml2.sp.sso.url", "http://localhost:8080/client/api?command=samlSso",
             "SAML2 CloudStack Service Provider Single Sign On URL", true);
 
-    public static final ConfigKey<String> SAMLServiceProviderSingleLogOutURL = new ConfigKey<String>("Advanced", String.class, "saml2.sp.slo.url", "http://localhost:8080/client/",
+    ConfigKey<String> SAMLServiceProviderSingleLogOutURL = new ConfigKey<String>("Advanced", String.class, "saml2.sp.slo.url", "http://localhost:8080/client/",
             "SAML2 CloudStack Service Provider Single Log Out URL", true);
 
-    public static final ConfigKey<String> SAMLCloudStackRedirectionUrl = new ConfigKey<String>("Advanced", String.class, "saml2.redirect.url", "http://localhost:8080/client",
+    ConfigKey<String> SAMLCloudStackRedirectionUrl = new ConfigKey<String>("Advanced", String.class, "saml2.redirect.url", "http://localhost:8080/client",
             "The CloudStack UI url the SSO should redirected to when successful", true);
 
-    public static final ConfigKey<String> SAMLUserAttributeName = new ConfigKey<String>("Advanced", String.class, "saml2.user.attribute", "uid",
+    ConfigKey<String> SAMLUserAttributeName = new ConfigKey<String>("Advanced", String.class, "saml2.user.attribute", "uid",
             "Attribute name to be looked for in SAML response that will contain the username", true);
 
-    public static final ConfigKey<String> SAMLIdentityProviderMetadataURL = new ConfigKey<String>("Advanced", String.class, "saml2.idp.metadata.url", "https://openidp.feide.no/simplesaml/saml2/idp/metadata.php",
+    ConfigKey<String> SAMLIdentityProviderMetadataURL = new ConfigKey<String>("Advanced", String.class, "saml2.idp.metadata.url", "https://openidp.feide.no/simplesaml/saml2/idp/metadata.php",
             "SAML2 Identity Provider Metadata XML Url", true);
 
-    public static final ConfigKey<String> SAMLDefaultIdentityProviderId = new ConfigKey<String>("Advanced", String.class, "saml2.default.idpid", "https://openidp.feide.no",
+    ConfigKey<String> SAMLDefaultIdentityProviderId = new ConfigKey<String>("Advanced", String.class, "saml2.default.idpid", "https://openidp.feide.no",
             "The default IdP entity ID to use only in case of multiple IdPs", true);
 
-    public static final ConfigKey<String> SAMLSignatureAlgorithm = new ConfigKey<>(String.class, "saml2.sigalg", "Advanced", "SHA1",
+    ConfigKey<String> SAMLSignatureAlgorithm = new ConfigKey<>(String.class, "saml2.sigalg", "Advanced", "SHA1",
             "The algorithm to use to when signing a SAML request. Default is SHA1, allowed algorithms: SHA1, SHA256, SHA384, SHA512", true, ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.Select, "SHA1,SHA256,SHA384,SHA512");
 
-    public static final ConfigKey<Boolean> SAMLAppendDomainSuffix = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.append.idpdomain", "false",
+    ConfigKey<Boolean> SAMLAppendDomainSuffix = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.append.idpdomain", "false",
             "If enabled, create account/user dialog with SAML SSO enabled will append the IdP domain to the user or account name in the UI dialog", true);
 
-    public static final ConfigKey<Integer> SAMLTimeout = new ConfigKey<Integer>("Advanced", Integer.class, "saml2.timeout", "1800",
+    ConfigKey<Integer> SAMLTimeout = new ConfigKey<Integer>("Advanced", Integer.class, "saml2.timeout", "1800",
             "SAML2 IDP Metadata refresh interval in seconds, minimum value is set to 300", true);
 
-    public SAMLProviderMetadata getSPMetadata();
-    public SAMLProviderMetadata getIdPMetadata(String entityId);
-    public Collection<SAMLProviderMetadata> getAllIdPMetadata();
+    ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "true",
+            "When enabled (default and recommended), SAML2 signature checks are enforced and lack of signature in the SAML SSO response will cause login exception. Disabling this is not advisable but provided for backward compatibility for users who are able to accept the risks.", false);
 
-    public boolean isUserAuthorized(Long userId, String entityId);
-    public boolean authorizeUser(Long userId, String entityId, boolean enable);
+    SAMLProviderMetadata getSPMetadata();
+    SAMLProviderMetadata getIdPMetadata(String entityId);
+    Collection<SAMLProviderMetadata> getAllIdPMetadata();
 
-    public void saveToken(String authnId, String domain, String entity);
-    public SAMLTokenVO getToken(String authnId);
-    public void expireTokens();
+    boolean isUserAuthorized(Long userId, String entityId);
+    boolean authorizeUser(Long userId, String entityId, boolean enable);
+
+    void saveToken(String authnId, String domain, String entity);
+    SAMLTokenVO getToken(String authnId);
+    void purgeToken(SAMLTokenVO token);
+    void expireTokens();
 }
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index ba85b151eea9..dfa76414fb74 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -487,6 +487,13 @@ public SAMLTokenVO getToken(String authnId) {
         return _samlTokenDao.findByUuid(authnId);
     }
 
+    @Override
+    public void purgeToken(SAMLTokenVO token) {
+        if (token != null) {
+            _samlTokenDao.remove(token.getId());
+        }
+    }
+
     @Override
     public void expireTokens() {
         _samlTokenDao.expireTokens();
@@ -535,6 +542,6 @@ public ConfigKey<?>[] getConfigKeys() {
                 SAMLServiceProviderSingleSignOnURL, SAMLServiceProviderSingleLogOutURL,
                 SAMLCloudStackRedirectionUrl, SAMLUserAttributeName,
                 SAMLIdentityProviderMetadataURL, SAMLDefaultIdentityProviderId,
-                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout};
+                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout, SAMLCheckSignature};
     }
 }
diff --git a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
index 39c8c231bf01..48a3139052dd 100644
--- a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
+++ b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
@@ -271,6 +271,30 @@ public void whenFailToAuthenticateThrowExceptionOrRedirectToUrlTestSaml2FailedLo
         verifyTestWhenFailToAuthenticateThrowExceptionOrRedirectToUrl(false, hasThrownServerApiException, 0, 0);
     }
 
+    private void overrideDefaultConfigValue(final ConfigKey configKey, final String name, final Object o) throws IllegalAccessException, NoSuchFieldException {
+        Field f = ConfigKey.class.getDeclaredField(name);
+        f.setAccessible(true);
+        f.set(configKey, o);
+    }
+
+    @Test
+    public void testFailOnSAMLSignatureCheckWhenFalse() throws NoSuchFieldException, IllegalAccessException {
+        overrideDefaultConfigValue(SAML2AuthManager.SAMLCheckSignature, "_value", false);
+        SAML2LoginAPIAuthenticatorCmd cmd = new SAML2LoginAPIAuthenticatorCmd();
+        try {
+            cmd.checkAndFailOnMissingSAMLSignature(null);
+        } catch(Exception e) {
+            Assert.fail("This shouldn't throw any exception");
+        }
+    }
+
+    @Test(expected = ServerApiException.class)
+    public void testFailOnSAMLSignatureCheckWhenTrue() throws NoSuchFieldException, IllegalAccessException {
+        overrideDefaultConfigValue(SAML2AuthManager.SAMLCheckSignature, "_value", true);
+        SAML2LoginAPIAuthenticatorCmd cmd = new SAML2LoginAPIAuthenticatorCmd();
+        cmd.checkAndFailOnMissingSAMLSignature(null);
+    }
+
     private UserAccountVO configureTestWhenFailToAuthenticateThrowExceptionOrRedirectToUrl(String entity, String configurationValue, Boolean isUserAuthorized)
             throws IOException {
         Mockito.when(samlAuthManager.isUserAuthorized(nullable(Long.class), nullable(String.class))).thenReturn(isUserAuthorized);

From 22baf2494d670afc0a87ef1eee40bd08223c58a3 Mon Sep 17 00:00:00 2001
From: Abhishek Kumar <abhishek.mrt22@gmail.com>
Date: Mon, 15 Jul 2024 17:37:07 +0530
Subject: [PATCH 04/24] Updating pom.xml version numbers for release 4.18.2.2

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---
 agent/pom.xml                                               | 2 +-
 api/pom.xml                                                 | 2 +-
 client/pom.xml                                              | 2 +-
 core/pom.xml                                                | 2 +-
 debian/changelog                                            | 6 ++++++
 developer/pom.xml                                           | 2 +-
 engine/api/pom.xml                                          | 2 +-
 engine/components-api/pom.xml                               | 2 +-
 engine/orchestration/pom.xml                                | 2 +-
 engine/pom.xml                                              | 2 +-
 engine/schema/pom.xml                                       | 2 +-
 engine/service/pom.xml                                      | 2 +-
 engine/storage/cache/pom.xml                                | 2 +-
 engine/storage/configdrive/pom.xml                          | 2 +-
 engine/storage/datamotion/pom.xml                           | 2 +-
 engine/storage/image/pom.xml                                | 2 +-
 engine/storage/integration-test/pom.xml                     | 2 +-
 engine/storage/pom.xml                                      | 2 +-
 engine/storage/snapshot/pom.xml                             | 2 +-
 engine/storage/volume/pom.xml                               | 2 +-
 framework/agent-lb/pom.xml                                  | 2 +-
 framework/ca/pom.xml                                        | 2 +-
 framework/cluster/pom.xml                                   | 2 +-
 framework/config/pom.xml                                    | 2 +-
 framework/db/pom.xml                                        | 2 +-
 framework/direct-download/pom.xml                           | 4 ++--
 framework/events/pom.xml                                    | 2 +-
 framework/ipc/pom.xml                                       | 2 +-
 framework/jobs/pom.xml                                      | 2 +-
 framework/managed-context/pom.xml                           | 2 +-
 framework/pom.xml                                           | 2 +-
 framework/quota/pom.xml                                     | 2 +-
 framework/rest/pom.xml                                      | 2 +-
 framework/security/pom.xml                                  | 2 +-
 framework/spring/lifecycle/pom.xml                          | 2 +-
 framework/spring/module/pom.xml                             | 2 +-
 plugins/acl/dynamic-role-based/pom.xml                      | 2 +-
 plugins/acl/project-role-based/pom.xml                      | 2 +-
 plugins/acl/static-role-based/pom.xml                       | 2 +-
 .../affinity-group-processors/explicit-dedication/pom.xml   | 2 +-
 plugins/affinity-group-processors/host-affinity/pom.xml     | 2 +-
 .../affinity-group-processors/host-anti-affinity/pom.xml    | 2 +-
 .../non-strict-host-affinity/pom.xml                        | 2 +-
 .../non-strict-host-anti-affinity/pom.xml                   | 4 ++--
 plugins/alert-handlers/snmp-alerts/pom.xml                  | 2 +-
 plugins/alert-handlers/syslog-alerts/pom.xml                | 2 +-
 plugins/api/discovery/pom.xml                               | 2 +-
 plugins/api/rate-limit/pom.xml                              | 2 +-
 plugins/api/solidfire-intg-test/pom.xml                     | 2 +-
 plugins/api/vmware-sioc/pom.xml                             | 2 +-
 plugins/backup/dummy/pom.xml                                | 2 +-
 plugins/backup/networker/pom.xml                            | 2 +-
 plugins/backup/veeam/pom.xml                                | 2 +-
 plugins/ca/root-ca/pom.xml                                  | 2 +-
 plugins/database/mysql-ha/pom.xml                           | 2 +-
 plugins/database/quota/pom.xml                              | 2 +-
 plugins/dedicated-resources/pom.xml                         | 2 +-
 plugins/deployment-planners/implicit-dedication/pom.xml     | 2 +-
 plugins/deployment-planners/user-concentrated-pod/pom.xml   | 2 +-
 plugins/deployment-planners/user-dispersing/pom.xml         | 2 +-
 plugins/event-bus/inmemory/pom.xml                          | 2 +-
 plugins/event-bus/kafka/pom.xml                             | 2 +-
 plugins/event-bus/rabbitmq/pom.xml                          | 2 +-
 plugins/ha-planners/skip-heurestics/pom.xml                 | 2 +-
 plugins/host-allocators/random/pom.xml                      | 2 +-
 plugins/hypervisors/baremetal/pom.xml                       | 2 +-
 plugins/hypervisors/hyperv/pom.xml                          | 2 +-
 plugins/hypervisors/kvm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm3/pom.xml                            | 2 +-
 plugins/hypervisors/simulator/pom.xml                       | 2 +-
 plugins/hypervisors/ucs/pom.xml                             | 2 +-
 plugins/hypervisors/vmware/pom.xml                          | 2 +-
 plugins/hypervisors/xenserver/pom.xml                       | 2 +-
 plugins/integrations/cloudian/pom.xml                       | 2 +-
 plugins/integrations/kubernetes-service/pom.xml             | 2 +-
 plugins/integrations/prometheus/pom.xml                     | 2 +-
 plugins/metrics/pom.xml                                     | 2 +-
 plugins/network-elements/bigswitch/pom.xml                  | 2 +-
 plugins/network-elements/brocade-vcs/pom.xml                | 2 +-
 plugins/network-elements/cisco-vnmc/pom.xml                 | 2 +-
 plugins/network-elements/dns-notifier/pom.xml               | 2 +-
 plugins/network-elements/elastic-loadbalancer/pom.xml       | 2 +-
 plugins/network-elements/globodns/pom.xml                   | 2 +-
 plugins/network-elements/internal-loadbalancer/pom.xml      | 2 +-
 plugins/network-elements/juniper-contrail/pom.xml           | 2 +-
 plugins/network-elements/netscaler/pom.xml                  | 2 +-
 plugins/network-elements/nicira-nvp/pom.xml                 | 2 +-
 plugins/network-elements/opendaylight/pom.xml               | 2 +-
 plugins/network-elements/ovs/pom.xml                        | 2 +-
 plugins/network-elements/palo-alto/pom.xml                  | 2 +-
 plugins/network-elements/stratosphere-ssp/pom.xml           | 2 +-
 plugins/network-elements/tungsten/pom.xml                   | 2 +-
 plugins/network-elements/vxlan/pom.xml                      | 2 +-
 plugins/outofbandmanagement-drivers/ipmitool/pom.xml        | 2 +-
 .../outofbandmanagement-drivers/nested-cloudstack/pom.xml   | 2 +-
 plugins/outofbandmanagement-drivers/redfish/pom.xml         | 2 +-
 plugins/pom.xml                                             | 2 +-
 plugins/storage-allocators/random/pom.xml                   | 2 +-
 plugins/storage/image/default/pom.xml                       | 2 +-
 plugins/storage/image/s3/pom.xml                            | 2 +-
 plugins/storage/image/sample/pom.xml                        | 2 +-
 plugins/storage/image/swift/pom.xml                         | 2 +-
 plugins/storage/volume/cloudbyte/pom.xml                    | 2 +-
 plugins/storage/volume/datera/pom.xml                       | 2 +-
 plugins/storage/volume/default/pom.xml                      | 2 +-
 plugins/storage/volume/linstor/pom.xml                      | 2 +-
 plugins/storage/volume/nexenta/pom.xml                      | 2 +-
 plugins/storage/volume/sample/pom.xml                       | 2 +-
 plugins/storage/volume/scaleio/pom.xml                      | 2 +-
 plugins/storage/volume/solidfire/pom.xml                    | 2 +-
 plugins/storage/volume/storpool/pom.xml                     | 2 +-
 plugins/user-authenticators/ldap/pom.xml                    | 2 +-
 plugins/user-authenticators/md5/pom.xml                     | 2 +-
 plugins/user-authenticators/pbkdf2/pom.xml                  | 2 +-
 plugins/user-authenticators/plain-text/pom.xml              | 2 +-
 plugins/user-authenticators/saml2/pom.xml                   | 2 +-
 plugins/user-authenticators/sha256salted/pom.xml            | 2 +-
 plugins/user-two-factor-authenticators/static-pin/pom.xml   | 2 +-
 plugins/user-two-factor-authenticators/totp/pom.xml         | 2 +-
 pom.xml                                                     | 2 +-
 quickcloud/pom.xml                                          | 2 +-
 server/pom.xml                                              | 2 +-
 services/console-proxy/pom.xml                              | 2 +-
 services/console-proxy/rdpconsole/pom.xml                   | 2 +-
 services/console-proxy/server/pom.xml                       | 2 +-
 services/pom.xml                                            | 2 +-
 services/secondary-storage/controller/pom.xml               | 2 +-
 services/secondary-storage/pom.xml                          | 2 +-
 services/secondary-storage/server/pom.xml                   | 2 +-
 systemvm/pom.xml                                            | 2 +-
 test/pom.xml                                                | 2 +-
 tools/apidoc/pom.xml                                        | 2 +-
 tools/checkstyle/pom.xml                                    | 2 +-
 tools/devcloud-kvm/pom.xml                                  | 2 +-
 tools/devcloud4/pom.xml                                     | 2 +-
 tools/marvin/pom.xml                                        | 2 +-
 tools/pom.xml                                               | 2 +-
 usage/pom.xml                                               | 2 +-
 utils/pom.xml                                               | 2 +-
 vmware-base/pom.xml                                         | 2 +-
 141 files changed, 148 insertions(+), 142 deletions(-)

diff --git a/agent/pom.xml b/agent/pom.xml
index 8744b00f584f..f6667517cf6f 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/api/pom.xml b/api/pom.xml
index 8b3958375b51..b3fd802be435 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/client/pom.xml b/client/pom.xml
index c9ee60ec96fa..0f6ce1a2a2db 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <repositories>
         <repository>
diff --git a/core/pom.xml b/core/pom.xml
index 2ca00934c961..bb069317aa97 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/debian/changelog b/debian/changelog
index 5afb868f9e1b..a09c2c506500 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloudstack (4.18.2.2) unstable; urgency=low
+
+  * Update the version to 4.18.2.2
+
+ -- the Apache CloudStack project <dev@cloudstack.apache.org>  Mon, 15 Jul 2024 17:37:07 +0530
+
 cloudstack (4.18.2.1) unstable; urgency=low
 
   * Update the version to 4.18.2.1
diff --git a/developer/pom.xml b/developer/pom.xml
index f801fd91b23a..21c2ff39a52c 100644
--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/engine/api/pom.xml b/engine/api/pom.xml
index 6e39e8e075d7..7bacb63845c7 100644
--- a/engine/api/pom.xml
+++ b/engine/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml
index 172630385bbe..c043ece39bcd 100644
--- a/engine/components-api/pom.xml
+++ b/engine/components-api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml
index 232e0d5dc3dd..a13df3c3d2e1 100755
--- a/engine/orchestration/pom.xml
+++ b/engine/orchestration/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/pom.xml b/engine/pom.xml
index a53a00b6fb49..db69f62f6cdc 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index 38bab143994a..8408ab923cb8 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/service/pom.xml b/engine/service/pom.xml
index 2b4c165cbe99..efa9b5ad6757 100644
--- a/engine/service/pom.xml
+++ b/engine/service/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <artifactId>cloud-engine-service</artifactId>
     <packaging>war</packaging>
diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml
index 6083c352f9c5..1746c2d34674 100644
--- a/engine/storage/cache/pom.xml
+++ b/engine/storage/cache/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/configdrive/pom.xml b/engine/storage/configdrive/pom.xml
index d64ab8ebc59a..a086006b4155 100644
--- a/engine/storage/configdrive/pom.xml
+++ b/engine/storage/configdrive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml
index 4efdc097701e..5f34d624eb96 100644
--- a/engine/storage/datamotion/pom.xml
+++ b/engine/storage/datamotion/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml
index 0c0fc21fc23b..903dba603d71 100644
--- a/engine/storage/image/pom.xml
+++ b/engine/storage/image/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml
index f6cc032648a8..71fb56cb78dc 100644
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml
index e1c0ca666b45..e0cf2d3f71cd 100644
--- a/engine/storage/pom.xml
+++ b/engine/storage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml
index 908fba405231..1ffd8ee04dfc 100644
--- a/engine/storage/snapshot/pom.xml
+++ b/engine/storage/snapshot/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml
index a510276963bd..8f1baa97b914 100644
--- a/engine/storage/volume/pom.xml
+++ b/engine/storage/volume/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/agent-lb/pom.xml b/framework/agent-lb/pom.xml
index dbcd47c20834..2cb0e93688a5 100644
--- a/framework/agent-lb/pom.xml
+++ b/framework/agent-lb/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/ca/pom.xml b/framework/ca/pom.xml
index 57665d610d83..279d48cb54f5 100644
--- a/framework/ca/pom.xml
+++ b/framework/ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml
index be7ce8b7541b..12da4c3fb0e2 100644
--- a/framework/cluster/pom.xml
+++ b/framework/cluster/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/config/pom.xml b/framework/config/pom.xml
index 76355ef3b5fb..58682d279349 100644
--- a/framework/config/pom.xml
+++ b/framework/config/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/db/pom.xml b/framework/db/pom.xml
index 906e9c040bbc..b9813265fb33 100644
--- a/framework/db/pom.xml
+++ b/framework/db/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/direct-download/pom.xml b/framework/direct-download/pom.xml
index fb4cbd47595d..adbf11eec149 100644
--- a/framework/direct-download/pom.xml
+++ b/framework/direct-download/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-utils</artifactId>
-            <version>4.18.2.1</version>
+            <version>4.18.2.2</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/framework/events/pom.xml b/framework/events/pom.xml
index 4f4e570fe2cf..06dd7d8dbff2 100644
--- a/framework/events/pom.xml
+++ b/framework/events/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml
index 3af16c327727..40a2a388d8ad 100644
--- a/framework/ipc/pom.xml
+++ b/framework/ipc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml
index cb0c1c2e3069..a0833dd4f481 100644
--- a/framework/jobs/pom.xml
+++ b/framework/jobs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml
index 1383870a7dad..0c6b8be2e853 100644
--- a/framework/managed-context/pom.xml
+++ b/framework/managed-context/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/pom.xml b/framework/pom.xml
index 4f3c19850967..2be5c24aef6d 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <build>
         <plugins>
diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml
index 92abcb30b260..2b68531b73f8 100644
--- a/framework/quota/pom.xml
+++ b/framework/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml
index 5335883db274..96973f42a133 100644
--- a/framework/rest/pom.xml
+++ b/framework/rest/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-framework-rest</artifactId>
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
index 7f3f46169265..935bc1bda4c8 100644
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml
index 8dc7bd6c4bf4..b19dc42a007d 100644
--- a/framework/spring/lifecycle/pom.xml
+++ b/framework/spring/lifecycle/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml
index bc649834ed62..dbf97a910447 100644
--- a/framework/spring/module/pom.xml
+++ b/framework/spring/module/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/acl/dynamic-role-based/pom.xml b/plugins/acl/dynamic-role-based/pom.xml
index dc1353b40b23..7f3461f8b084 100644
--- a/plugins/acl/dynamic-role-based/pom.xml
+++ b/plugins/acl/dynamic-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/project-role-based/pom.xml b/plugins/acl/project-role-based/pom.xml
index b8d6cb403868..cd589ba8c970 100644
--- a/plugins/acl/project-role-based/pom.xml
+++ b/plugins/acl/project-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml
index d06754879617..5fba641f13cc 100644
--- a/plugins/acl/static-role-based/pom.xml
+++ b/plugins/acl/static-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml
index 8c7c3426854e..239e6d36bd64 100644
--- a/plugins/affinity-group-processors/explicit-dedication/pom.xml
+++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-affinity/pom.xml b/plugins/affinity-group-processors/host-affinity/pom.xml
index 83cfd77c2625..a4dc0b53d296 100644
--- a/plugins/affinity-group-processors/host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
index 7ae16313b2e8..9d4f22577b10 100644
--- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
index 73657cd3db30..4a9adb5235d2 100644
--- a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
index be4fff6315a7..b83926f58a70 100644
--- a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-plugin-non-strict-host-affinity</artifactId>
-            <version>4.18.2.1</version>
+            <version>4.18.2.2</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml
index fcb65da3fec0..1b5b9b793a37 100644
--- a/plugins/alert-handlers/snmp-alerts/pom.xml
+++ b/plugins/alert-handlers/snmp-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml
index fa0897bc04cc..3082c22d5d3b 100644
--- a/plugins/alert-handlers/syslog-alerts/pom.xml
+++ b/plugins/alert-handlers/syslog-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml
index a561edc1ee56..d5c2fdcb7cab 100644
--- a/plugins/api/discovery/pom.xml
+++ b/plugins/api/discovery/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml
index c568911cd944..d04b7e6d5821 100644
--- a/plugins/api/rate-limit/pom.xml
+++ b/plugins/api/rate-limit/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml
index 345d81735191..e7ae0cf72278 100644
--- a/plugins/api/solidfire-intg-test/pom.xml
+++ b/plugins/api/solidfire-intg-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/vmware-sioc/pom.xml b/plugins/api/vmware-sioc/pom.xml
index 8cd02d81c519..72eead0699bd 100644
--- a/plugins/api/vmware-sioc/pom.xml
+++ b/plugins/api/vmware-sioc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/dummy/pom.xml b/plugins/backup/dummy/pom.xml
index 154b97791f41..875aca002361 100644
--- a/plugins/backup/dummy/pom.xml
+++ b/plugins/backup/dummy/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/networker/pom.xml b/plugins/backup/networker/pom.xml
index edfe7fa434dc..723440220477 100644
--- a/plugins/backup/networker/pom.xml
+++ b/plugins/backup/networker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/veeam/pom.xml b/plugins/backup/veeam/pom.xml
index 602b10fcd6ce..74f5fea53542 100644
--- a/plugins/backup/veeam/pom.xml
+++ b/plugins/backup/veeam/pom.xml
@@ -23,7 +23,7 @@
   <parent>
     <artifactId>cloudstack-plugins</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.18.2.1</version>
+    <version>4.18.2.2</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
 
diff --git a/plugins/ca/root-ca/pom.xml b/plugins/ca/root-ca/pom.xml
index f6ee168a4bfe..616de0d6a350 100644
--- a/plugins/ca/root-ca/pom.xml
+++ b/plugins/ca/root-ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml
index 964ef3331457..72aa6a1f8caf 100644
--- a/plugins/database/mysql-ha/pom.xml
+++ b/plugins/database/mysql-ha/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml
index 964225c9f0e4..19b3ed69f205 100644
--- a/plugins/database/quota/pom.xml
+++ b/plugins/database/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml
index cfc1bb4904ff..c453189cb0f5 100644
--- a/plugins/dedicated-resources/pom.xml
+++ b/plugins/dedicated-resources/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml
index 928a387e7dc2..fc7cadf14bbc 100644
--- a/plugins/deployment-planners/implicit-dedication/pom.xml
+++ b/plugins/deployment-planners/implicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml
index 1d4d065a329b..252291fd7e79 100644
--- a/plugins/deployment-planners/user-concentrated-pod/pom.xml
+++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml
index 63b6d63f4ffc..ebb32d8474b8 100644
--- a/plugins/deployment-planners/user-dispersing/pom.xml
+++ b/plugins/deployment-planners/user-dispersing/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml
index 41c9d06dd55b..f8a8793f9f56 100644
--- a/plugins/event-bus/inmemory/pom.xml
+++ b/plugins/event-bus/inmemory/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml
index a69203a0d145..6b26819b4b59 100644
--- a/plugins/event-bus/kafka/pom.xml
+++ b/plugins/event-bus/kafka/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml
index 963f90f398ea..ed6ff85d5dd8 100644
--- a/plugins/event-bus/rabbitmq/pom.xml
+++ b/plugins/event-bus/rabbitmq/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml
index 811c3d73da24..a7e11f3eec1f 100644
--- a/plugins/ha-planners/skip-heurestics/pom.xml
+++ b/plugins/ha-planners/skip-heurestics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml
index 20a5f722b88a..604e074605cd 100644
--- a/plugins/host-allocators/random/pom.xml
+++ b/plugins/host-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml
index 582f50bd3673..7edbefecd905 100755
--- a/plugins/hypervisors/baremetal/pom.xml
+++ b/plugins/hypervisors/baremetal/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-baremetal</artifactId>
diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml
index 7bf4fd633120..43118bc58e23 100644
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml
index 719563f631e6..c3dab8a6cb4c 100644
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml
index 70915b322345..ea7c0c32f84b 100644
--- a/plugins/hypervisors/ovm/pom.xml
+++ b/plugins/hypervisors/ovm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml
index b4c5f7c8ba49..8d9b6cba5f98 100644
--- a/plugins/hypervisors/ovm3/pom.xml
+++ b/plugins/hypervisors/ovm3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml
index ea2cdbf48901..3e143881efc3 100644
--- a/plugins/hypervisors/simulator/pom.xml
+++ b/plugins/hypervisors/simulator/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-simulator</artifactId>
diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml
index 9d23d25f4f75..e5e8b7e42655 100644
--- a/plugins/hypervisors/ucs/pom.xml
+++ b/plugins/hypervisors/ucs/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-ucs</artifactId>
diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml
index fce4e770d3f4..893ce9552985 100644
--- a/plugins/hypervisors/vmware/pom.xml
+++ b/plugins/hypervisors/vmware/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml
index f9140377fa9b..a3fd83390a21 100644
--- a/plugins/hypervisors/xenserver/pom.xml
+++ b/plugins/hypervisors/xenserver/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/cloudian/pom.xml b/plugins/integrations/cloudian/pom.xml
index 1840d96d12f3..85ed1ef01a08 100644
--- a/plugins/integrations/cloudian/pom.xml
+++ b/plugins/integrations/cloudian/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
index 8ce4693c8d74..57737416cc19 100644
--- a/plugins/integrations/kubernetes-service/pom.xml
+++ b/plugins/integrations/kubernetes-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/prometheus/pom.xml b/plugins/integrations/prometheus/pom.xml
index e9f1f1239c4f..968af0e2f3f9 100644
--- a/plugins/integrations/prometheus/pom.xml
+++ b/plugins/integrations/prometheus/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/metrics/pom.xml b/plugins/metrics/pom.xml
index 1aacce08b620..01a3681564df 100644
--- a/plugins/metrics/pom.xml
+++ b/plugins/metrics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml
index 4a9678c5aeb3..0214a2e257c2 100644
--- a/plugins/network-elements/bigswitch/pom.xml
+++ b/plugins/network-elements/bigswitch/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml
index f7f9231c0ee5..bc4ce9ac6bae 100644
--- a/plugins/network-elements/brocade-vcs/pom.xml
+++ b/plugins/network-elements/brocade-vcs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
index ee463848d9e1..b8b540eaed22 100644
--- a/plugins/network-elements/cisco-vnmc/pom.xml
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml
index 0d99940a036a..95799a75e997 100644
--- a/plugins/network-elements/dns-notifier/pom.xml
+++ b/plugins/network-elements/dns-notifier/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-example-dns-notifier</artifactId>
diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml
index adfb33b80015..e9b48b6e45de 100644
--- a/plugins/network-elements/elastic-loadbalancer/pom.xml
+++ b/plugins/network-elements/elastic-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml
index 600a6ff19023..30932b367c24 100644
--- a/plugins/network-elements/globodns/pom.xml
+++ b/plugins/network-elements/globodns/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml
index dbe03c2182bd..cda6a0d23f89 100644
--- a/plugins/network-elements/internal-loadbalancer/pom.xml
+++ b/plugins/network-elements/internal-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml
index 06c532973149..5510aa845fb0 100644
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <repositories>
diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml
index 22c21cf52d8d..28f03475a07d 100644
--- a/plugins/network-elements/netscaler/pom.xml
+++ b/plugins/network-elements/netscaler/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml
index bcd6c946c8e9..9944523f3f7e 100644
--- a/plugins/network-elements/nicira-nvp/pom.xml
+++ b/plugins/network-elements/nicira-nvp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml
index b78e5a9ccff9..c26f675d4191 100644
--- a/plugins/network-elements/opendaylight/pom.xml
+++ b/plugins/network-elements/opendaylight/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <profiles>
diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml
index 1e08956fd392..bbcff6bd4570 100644
--- a/plugins/network-elements/ovs/pom.xml
+++ b/plugins/network-elements/ovs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
index 703026815dba..460b0350e70f 100644
--- a/plugins/network-elements/palo-alto/pom.xml
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml
index 500bdb55bd9e..40a125533621 100644
--- a/plugins/network-elements/stratosphere-ssp/pom.xml
+++ b/plugins/network-elements/stratosphere-ssp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/tungsten/pom.xml b/plugins/network-elements/tungsten/pom.xml
index cb5780e24f52..19bb24a838d7 100644
--- a/plugins/network-elements/tungsten/pom.xml
+++ b/plugins/network-elements/tungsten/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml
index 0394869df11c..159adff3bebd 100644
--- a/plugins/network-elements/vxlan/pom.xml
+++ b/plugins/network-elements/vxlan/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
index 8e42c40b2717..6c7671735421 100644
--- a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
+++ b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
index 894ba626b336..a6e932bf746e 100644
--- a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
+++ b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/redfish/pom.xml b/plugins/outofbandmanagement-drivers/redfish/pom.xml
index e950f68cd3b8..a7c5e47cb656 100644
--- a/plugins/outofbandmanagement-drivers/redfish/pom.xml
+++ b/plugins/outofbandmanagement-drivers/redfish/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/pom.xml b/plugins/pom.xml
index e8b61824558c..9431ae71c4b3 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <build>
         <plugins>
diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml
index 5d75ec80240a..ba36eb37e793 100644
--- a/plugins/storage-allocators/random/pom.xml
+++ b/plugins/storage-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml
index 0603a15a70ff..af40fd3f73d8 100644
--- a/plugins/storage/image/default/pom.xml
+++ b/plugins/storage/image/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml
index 24da4b04ac54..dc9e8a91b460 100644
--- a/plugins/storage/image/s3/pom.xml
+++ b/plugins/storage/image/s3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml
index 207e8824d13e..3066fcb25475 100644
--- a/plugins/storage/image/sample/pom.xml
+++ b/plugins/storage/image/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml
index a48208ac1291..54420cf987ab 100644
--- a/plugins/storage/image/swift/pom.xml
+++ b/plugins/storage/image/swift/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml
index 82d7da38ec46..a10ebfce651b 100644
--- a/plugins/storage/volume/cloudbyte/pom.xml
+++ b/plugins/storage/volume/cloudbyte/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/datera/pom.xml b/plugins/storage/volume/datera/pom.xml
index 140cd77afcbb..874f5d30a909 100644
--- a/plugins/storage/volume/datera/pom.xml
+++ b/plugins/storage/volume/datera/pom.xml
@@ -16,7 +16,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack-plugins</artifactId>
-    <version>4.18.2.1</version>
+    <version>4.18.2.2</version>
     <relativePath>../../../pom.xml</relativePath>
   </parent>
   <dependencies>
diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml
index fd80c47489ff..ad81553d81d9 100644
--- a/plugins/storage/volume/default/pom.xml
+++ b/plugins/storage/volume/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/linstor/pom.xml b/plugins/storage/volume/linstor/pom.xml
index aa1922ac3c8b..c41641750c83 100644
--- a/plugins/storage/volume/linstor/pom.xml
+++ b/plugins/storage/volume/linstor/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml
index 2cc4325e75f4..dcf4d2e937b6 100644
--- a/plugins/storage/volume/nexenta/pom.xml
+++ b/plugins/storage/volume/nexenta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml
index 7ea5bc2c7901..ab5c9fa95c9b 100644
--- a/plugins/storage/volume/sample/pom.xml
+++ b/plugins/storage/volume/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/scaleio/pom.xml b/plugins/storage/volume/scaleio/pom.xml
index 01cbf043de27..88bc34e84cec 100644
--- a/plugins/storage/volume/scaleio/pom.xml
+++ b/plugins/storage/volume/scaleio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml
index 16513b84c11f..16c7f4c53ce4 100644
--- a/plugins/storage/volume/solidfire/pom.xml
+++ b/plugins/storage/volume/solidfire/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/storpool/pom.xml b/plugins/storage/volume/storpool/pom.xml
index 11013359782c..51728640c4f8 100644
--- a/plugins/storage/volume/storpool/pom.xml
+++ b/plugins/storage/volume/storpool/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index a833c832d1ae..d1cfdcab74a9 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml
index 74657bb24709..dc090744a383 100644
--- a/plugins/user-authenticators/md5/pom.xml
+++ b/plugins/user-authenticators/md5/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml
index 998cdbf36a1a..2c7daaa3c0fc 100644
--- a/plugins/user-authenticators/pbkdf2/pom.xml
+++ b/plugins/user-authenticators/pbkdf2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml
index 6546af87584a..49ae365cd631 100644
--- a/plugins/user-authenticators/plain-text/pom.xml
+++ b/plugins/user-authenticators/plain-text/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index ed7df70a1fe0..655f7dcf2df0 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml
index b9676ecc68a1..f3e0918d6a0f 100644
--- a/plugins/user-authenticators/sha256salted/pom.xml
+++ b/plugins/user-authenticators/sha256salted/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/static-pin/pom.xml b/plugins/user-two-factor-authenticators/static-pin/pom.xml
index 7c63b8ccccfb..88fb371fc8c1 100644
--- a/plugins/user-two-factor-authenticators/static-pin/pom.xml
+++ b/plugins/user-two-factor-authenticators/static-pin/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/plugins/user-two-factor-authenticators/totp/pom.xml b/plugins/user-two-factor-authenticators/totp/pom.xml
index 868516193117..ce481ed4ada8 100644
--- a/plugins/user-two-factor-authenticators/totp/pom.xml
+++ b/plugins/user-two-factor-authenticators/totp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 67f08227e1be..05a4c4471904 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.18.2.1</version>
+    <version>4.18.2.2</version>
     <packaging>pom</packaging>
     <name>Apache CloudStack</name>
     <description>Apache CloudStack is an IaaS ("Infrastructure as a Service") cloud orchestration platform.</description>
diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml
index 811f09bf47ff..bc61fbc43973 100644
--- a/quickcloud/pom.xml
+++ b/quickcloud/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/server/pom.xml b/server/pom.xml
index c28b0947ff42..2d94fd446e08 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <repositories>
         <repository>
diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml
index 53c476af2bcf..083eb6c1f02d 100644
--- a/services/console-proxy/pom.xml
+++ b/services/console-proxy/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
index f18a8c18fd89..a9d9430e9e6b 100644
--- a/services/console-proxy/rdpconsole/pom.xml
+++ b/services/console-proxy/rdpconsole/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml
index 8e0752f3c8aa..eee4cde4f8c3 100644
--- a/services/console-proxy/server/pom.xml
+++ b/services/console-proxy/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/pom.xml b/services/pom.xml
index 4c18da9bb2af..17d3db57d0be 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml
index dd74a635f777..81b47bb97a50 100644
--- a/services/secondary-storage/controller/pom.xml
+++ b/services/secondary-storage/controller/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml
index 29ad948255e7..1694b1fbb8d7 100644
--- a/services/secondary-storage/pom.xml
+++ b/services/secondary-storage/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml
index f83575db62da..e07ec1ac37ec 100644
--- a/services/secondary-storage/server/pom.xml
+++ b/services/secondary-storage/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/systemvm/pom.xml b/systemvm/pom.xml
index ab7b62441b7f..d01cc947e72d 100644
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/test/pom.xml b/test/pom.xml
index d676230037d3..658c4df91dc7 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml
index 31aa0d0d5a2f..500ff538f264 100644
--- a/tools/apidoc/pom.xml
+++ b/tools/apidoc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml
index f745f5881e63..3b4f3334bfbd 100644
--- a/tools/checkstyle/pom.xml
+++ b/tools/checkstyle/pom.xml
@@ -22,7 +22,7 @@
     <name>Apache CloudStack Developer Tools - Checkstyle Configuration</name>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>checkstyle</artifactId>
-    <version>4.18.2.1</version>
+    <version>4.18.2.2</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml
index 32a73787206f..86e03d71aa6d 100644
--- a/tools/devcloud-kvm/pom.xml
+++ b/tools/devcloud-kvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml
index 550d11785b43..69ef115ed95b 100644
--- a/tools/devcloud4/pom.xml
+++ b/tools/devcloud4/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml
index f99b93e791d5..2e203dfaf624 100644
--- a/tools/marvin/pom.xml
+++ b/tools/marvin/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/pom.xml b/tools/pom.xml
index ac6b9cd23276..8acb1d5458a5 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/usage/pom.xml b/usage/pom.xml
index f39ac6e72e55..187dcac93962 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/utils/pom.xml b/utils/pom.xml
index 963230d64a52..b17296370599 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml
index a342d9f4ddf2..54ca81a3eda8 100644
--- a/vmware-base/pom.xml
+++ b/vmware-base/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.1</version>
+        <version>4.18.2.2</version>
     </parent>
     <dependencies>
         <dependency>

From e7dce2bcce5ba52b7d36551e8b2f0c84e75d7570 Mon Sep 17 00:00:00 2001
From: Abhishek Kumar <abhishek.mrt22@gmail.com>
Date: Wed, 31 Jul 2024 14:19:59 +0530
Subject: [PATCH 05/24] server, api: account and api entity access improvements

Fixes domain-admin access check to prevent unauthorized access.
Introduces a new non-dynamic global setting - api.allow.internal.db.ids
to control whether to allow using internal DB IDs as API parameters or
not. Default value for the global setting is false.

Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---
 .github/workflows/ci.yml                      |   1 +
 .../java/com/cloud/acl/DomainChecker.java     |  68 ++++--
 .../com/cloud/user/AccountManagerImpl.java    |  18 +-
 .../java/com/cloud/acl/DomainCheckerTest.java | 166 +++++++++++++++
 .../cloud/user/AccountManagerImplTest.java    |  58 +++++
 test/integration/smoke/test_account_access.py | 198 ++++++++++++++++++
 6 files changed, 488 insertions(+), 21 deletions(-)
 create mode 100644 server/src/test/java/com/cloud/acl/DomainCheckerTest.java
 create mode 100644 test/integration/smoke/test_account_access.py

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 087e2575f73f..8c07af29b8ca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -32,6 +32,7 @@ jobs:
       fail-fast: false
       matrix:
         tests: [ "smoke/test_accounts
+                  smoke/test_account_access
                   smoke/test_affinity_groups
                   smoke/test_affinity_groups_projects
                   smoke/test_annotations
diff --git a/server/src/main/java/com/cloud/acl/DomainChecker.java b/server/src/main/java/com/cloud/acl/DomainChecker.java
index a8c9ab84f7ec..7930be49ec13 100644
--- a/server/src/main/java/com/cloud/acl/DomainChecker.java
+++ b/server/src/main/java/com/cloud/acl/DomainChecker.java
@@ -208,7 +208,7 @@ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType a
 
             return true;
         } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
-            _networkMgr.checkNetworkPermissions(caller, (Network)entity);
+            _networkMgr.checkNetworkPermissions(caller, (Network) entity);
         } else if (entity instanceof Network && accessType != null && accessType == AccessType.OperateEntry) {
             _networkMgr.checkNetworkOperatePermissions(caller, (Network)entity);
         } else if (entity instanceof VirtualRouter) {
@@ -216,30 +216,58 @@ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType a
         } else if (entity instanceof AffinityGroup) {
             return false;
         } else {
-            if (_accountService.isNormalUser(caller.getId())) {
-                Account account = _accountDao.findById(entity.getAccountId());
-                String errorMessage = String.format("%s does not have permission to operate with resource", caller);
-                if (account != null && account.getType() == Account.Type.PROJECT) {
-                    //only project owner can delete/modify the project
-                    if (accessType != null && accessType == AccessType.ModifyProject) {
-                        if (!_projectMgr.canModifyProjectAccount(caller, account.getId())) {
-                            throw new PermissionDeniedException(errorMessage);
-                        }
-                    } else if (!_projectMgr.canAccessProjectAccount(caller, account.getId())) {
-                        throw new PermissionDeniedException(errorMessage);
-                    }
-                    checkOperationPermitted(caller, entity);
-                } else {
-                    if (caller.getId() != entity.getAccountId()) {
-                        throw new PermissionDeniedException(errorMessage);
-                    }
+            validateCallerHasAccessToEntityOwner(caller, entity, accessType);
+        }
+        return true;
+    }
+
+    protected void validateCallerHasAccessToEntityOwner(Account caller, ControlledEntity entity, AccessType accessType) {
+        PermissionDeniedException exception = new PermissionDeniedException("Caller does not have permission to operate with provided resource.");
+        String entityLog = String.format("entity [owner ID: %d, type: %s]", entity.getAccountId(),
+                entity.getEntityType().getSimpleName());
+
+        if (_accountService.isRootAdmin(caller.getId())) {
+            return;
+        }
+
+        if (caller.getId() == entity.getAccountId()) {
+            return;
+        }
+
+        Account owner = _accountDao.findById(entity.getAccountId());
+        if (owner == null) {
+            s_logger.error(String.format("Owner not found for %s", entityLog));
+            throw exception;
+        }
+
+        Account.Type callerAccountType = caller.getType();
+        if ((callerAccountType == Account.Type.DOMAIN_ADMIN || callerAccountType == Account.Type.RESOURCE_DOMAIN_ADMIN) &&
+                _domainDao.isChildDomain(caller.getDomainId(), owner.getDomainId())) {
+            return;
+        }
+
+        if (owner.getType() == Account.Type.PROJECT) {
+            // only project owner can delete/modify the project
+            if (accessType == AccessType.ModifyProject) {
+                if (!_projectMgr.canModifyProjectAccount(caller, owner.getId())) {
+                    s_logger.error(String.format("Caller ID: %d does not have permission to modify project with " +
+                            "owner ID: %d", caller.getId(), owner.getId()));
+                    throw exception;
                 }
+            } else if (!_projectMgr.canAccessProjectAccount(caller, owner.getId())) {
+                s_logger.error(String.format("Caller ID: %d does not have permission to access project with " +
+                        "owner ID: %d", caller.getId(), owner.getId()));
+                throw exception;
             }
+            checkOperationPermitted(caller, entity);
+            return;
         }
-        return true;
+
+        s_logger.error(String.format("Caller ID: %d does not have permission to access %s", caller.getId(), entityLog));
+        throw exception;
     }
 
-    private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
+    protected boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
         User user = CallContext.current().getCallingUser();
         Project project = projectDao.findByProjectAccountId(entity.getAccountId());
         if (project == null) {
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
index 3684657faec1..5c7aec5a1b7f 100644
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -2717,7 +2717,9 @@ public Map<String, String> getKeys(Long userId) {
             throw new InvalidParameterValueException("Unable to find user by id");
         }
         final ControlledEntity account = getAccount(getUserAccountById(userId).getAccountId()); //Extracting the Account from the userID of the requested user.
-        checkAccess(CallContext.current().getCallingUser(), account);
+        User caller = CallContext.current().getCallingUser();
+        preventRootDomainAdminAccessToRootAdminKeys(caller, account);
+        checkAccess(caller, account);
 
         Map<String, String> keys = new HashMap<String, String>();
         keys.put("apikey", user.getApiKey());
@@ -2726,6 +2728,19 @@ public Map<String, String> getKeys(Long userId) {
         return keys;
     }
 
+    protected void preventRootDomainAdminAccessToRootAdminKeys(User caller, ControlledEntity account) {
+        if (isDomainAdminForRootDomain(caller) && isRootAdmin(account.getAccountId())) {
+            String msg = String.format("Caller Username %s does not have access to root admin keys", caller.getUsername());
+            s_logger.error(msg);
+            throw new PermissionDeniedException(msg);
+        }
+    }
+
+    protected boolean isDomainAdminForRootDomain(User callingUser) {
+        AccountVO caller = _accountDao.findById(callingUser.getAccountId());
+        return caller.getType() == Account.Type.DOMAIN_ADMIN && caller.getDomainId() == Domain.ROOT_DOMAIN;
+    }
+
     @Override
     public List<UserTwoFactorAuthenticator> listUserTwoFactorAuthenticationProviders() {
         return userTwoFactorAuthenticationProviders;
@@ -2760,6 +2775,7 @@ public String[] createApiKeyAndSecretKey(RegisterCmd cmd) {
         }
 
         Account account = _accountDao.findById(user.getAccountId());
+        preventRootDomainAdminAccessToRootAdminKeys(user, account);
         checkAccess(caller, null, true, account);
 
         // don't allow updating system user
diff --git a/server/src/test/java/com/cloud/acl/DomainCheckerTest.java b/server/src/test/java/com/cloud/acl/DomainCheckerTest.java
new file mode 100644
index 000000000000..a5ec41306d85
--- /dev/null
+++ b/server/src/test/java/com/cloud/acl/DomainCheckerTest.java
@@ -0,0 +1,166 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.acl;
+
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.projects.ProjectManager;
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+import com.cloud.user.AccountVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Ternary;
+
+@RunWith(MockitoJUnitRunner.class)
+public class DomainCheckerTest {
+
+    @Mock
+    AccountService _accountService;
+    @Mock
+    AccountDao _accountDao;
+    @Mock
+    DomainDao _domainDao;
+    @Mock
+    ProjectManager _projectMgr;
+
+    @Spy
+    @InjectMocks
+    DomainChecker domainChecker;
+
+    private ControlledEntity getMockedEntity(long accountId) {
+        ControlledEntity entity = Mockito.mock(Account.class);
+        Mockito.when(entity.getAccountId()).thenReturn(accountId);
+        Mockito.when(entity.getEntityType()).thenReturn((Class)Account.class);
+        return entity;
+    }
+
+    @Test
+    public void testRootAdminHasAccess() {
+        Account rootAdmin = Mockito.mock(Account.class);
+        Mockito.when(rootAdmin.getId()).thenReturn(1L);
+        ControlledEntity entity = getMockedEntity(2L);
+        Mockito.when(_accountService.isRootAdmin(rootAdmin.getId())).thenReturn(true);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(rootAdmin, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test
+    public void testCallerIsOwner() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(1L);
+        ControlledEntity entity = getMockedEntity(1L);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testOwnerNotFound() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(1L);
+        ControlledEntity entity = getMockedEntity(2L);
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(null);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test
+    public void testDomainAdminHasAccess() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(1L);
+        Mockito.when(caller.getDomainId()).thenReturn(100L);
+        Mockito.when(caller.getType()).thenReturn(Account.Type.DOMAIN_ADMIN);
+        ControlledEntity entity = getMockedEntity(2L);
+        AccountVO owner = Mockito.mock(AccountVO.class);
+        Mockito.when(owner.getDomainId()).thenReturn(101L);
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(owner);
+        Mockito.when(_domainDao.isChildDomain(100L, 101L)).thenReturn(true);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    private Ternary<Account, ControlledEntity, AccountVO> getProjectAccessCheckResources() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(100L);
+        Mockito.when(caller.getType()).thenReturn(Account.Type.PROJECT);
+        ControlledEntity entity = getMockedEntity(2L);
+        AccountVO projectAccount = Mockito.mock(AccountVO.class);
+        Mockito.when(projectAccount.getId()).thenReturn(2L);
+        Mockito.when(projectAccount.getType()).thenReturn(Account.Type.PROJECT);
+        return new Ternary<>(caller, entity, projectAccount);
+    }
+
+    @Test
+    public void testProjectOwnerCanModify() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canModifyProjectAccount(caller, projectAccount.getId())).thenReturn(true);
+        Mockito.doReturn(true).when(domainChecker).checkOperationPermitted(caller, entity);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testProjectOwnerCannotModify() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canModifyProjectAccount(caller, projectAccount.getId())).thenReturn(false);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test
+    public void testProjectOwnerCanAccess() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canAccessProjectAccount(caller, projectAccount.getId())).thenReturn(true);
+        Mockito.doReturn(true).when(domainChecker).checkOperationPermitted(caller, entity);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ListEntry);
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testProjectOwnerCannotAccess() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canAccessProjectAccount(caller, projectAccount.getId())).thenReturn(false);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ListEntry);
+    }
+
+}
diff --git a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
index 2f3a68e20af6..262fdeced3e1 100644
--- a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
+++ b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
@@ -24,6 +24,7 @@
 import java.util.Map;
 import java.util.HashMap;
 
+import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd;
 import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
@@ -240,6 +241,63 @@ public void testgetUserCmd() {
         accountManagerImpl.getKeys(_listkeyscmd);
     }
 
+    @Test(expected = PermissionDeniedException.class)
+    public void testGetUserKeysCmdDomainAdminRootAdminUser() {
+        CallContext.register(callingUser, callingAccount);
+        Mockito.when(_listkeyscmd.getID()).thenReturn(2L);
+        Mockito.when(accountManagerImpl.getActiveUser(2L)).thenReturn(userVoMock);
+        Mockito.when(userAccountDaoMock.findById(2L)).thenReturn(userAccountVO);
+        Mockito.when(userAccountVO.getAccountId()).thenReturn(2L);
+        Mockito.when(userDetailsDaoMock.listDetailsKeyPairs(Mockito.anyLong())).thenReturn(null);
+
+        // Queried account - admin account
+        AccountVO adminAccountMock = Mockito.mock(AccountVO.class);
+        Mockito.when(adminAccountMock.getAccountId()).thenReturn(2L);
+        Mockito.when(_accountDao.findByIdIncludingRemoved(2L)).thenReturn(adminAccountMock);
+        Mockito.lenient().when(accountService.isRootAdmin(2L)).thenReturn(true);
+        Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class),
+                Mockito.nullable(ControlledEntity.class), Mockito.nullable(AccessType.class), Mockito.anyString())).thenReturn(true);
+
+        // Calling account is domain admin of the ROOT domain
+        Mockito.lenient().when(callingAccount.getType()).thenReturn(Account.Type.DOMAIN_ADMIN);
+        Mockito.lenient().when(callingAccount.getDomainId()).thenReturn(Domain.ROOT_DOMAIN);
+
+        Mockito.lenient().when(callingUser.getAccountId()).thenReturn(2L);
+        Mockito.lenient().when(_accountDao.findById(2L)).thenReturn(callingAccount);
+
+        Mockito.lenient().when(accountService.isDomainAdmin(Mockito.anyLong())).thenReturn(Boolean.TRUE);
+        Mockito.lenient().when(accountMock.getAccountId()).thenReturn(2L);
+
+        accountManagerImpl.getKeys(_listkeyscmd);
+    }
+
+    @Test
+    public void testPreventRootDomainAdminAccessToRootAdminKeysNormalUser() {
+        User user = Mockito.mock(User.class);
+        ControlledEntity entity = Mockito.mock(ControlledEntity.class);
+        Mockito.when(user.getAccountId()).thenReturn(1L);
+        AccountVO account = Mockito.mock(AccountVO.class);
+        Mockito.when(account.getType()).thenReturn(Account.Type.NORMAL);
+        Mockito.when(_accountDao.findById(1L)).thenReturn(account);
+        accountManagerImpl.preventRootDomainAdminAccessToRootAdminKeys(user, entity);
+        Mockito.verify(accountManagerImpl, Mockito.never()).isRootAdmin(Mockito.anyLong());
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testPreventRootDomainAdminAccessToRootAdminKeysRootDomainAdminUser() {
+        User user = Mockito.mock(User.class);
+        ControlledEntity entity = Mockito.mock(ControlledEntity.class);
+        Mockito.when(user.getAccountId()).thenReturn(1L);
+        AccountVO account = Mockito.mock(AccountVO.class);
+        Mockito.when(account.getType()).thenReturn(Account.Type.DOMAIN_ADMIN);
+        Mockito.when(account.getDomainId()).thenReturn(Domain.ROOT_DOMAIN);
+        Mockito.when(_accountDao.findById(1L)).thenReturn(account);
+        Mockito.when(entity.getAccountId()).thenReturn(1L);
+        Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class),
+                Mockito.nullable(ControlledEntity.class), Mockito.nullable(AccessType.class), Mockito.anyString())).thenReturn(true);
+        accountManagerImpl.preventRootDomainAdminAccessToRootAdminKeys(user, entity);
+    }
+
     @Test
     public void updateUserTestTimeZoneAndEmailNull() {
         prepareMockAndExecuteUpdateUserTest(0);
diff --git a/test/integration/smoke/test_account_access.py b/test/integration/smoke/test_account_access.py
new file mode 100644
index 000000000000..97eeced63860
--- /dev/null
+++ b/test/integration/smoke/test_account_access.py
@@ -0,0 +1,198 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+""" BVT tests for Account User Access
+"""
+# Import Local Modules
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.lib.utils import *
+from marvin.lib.base import (Account,
+                             User,
+                             Domain)
+from marvin.lib.common import (get_domain)
+from marvin.cloudstackAPI import (getUserKeys)
+from marvin.cloudstackException import CloudstackAPIException
+from nose.plugins.attrib import attr
+
+_multiprocess_shared_ = True
+
+class TestAccountAccess(cloudstackTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        testClient = super(TestAccountAccess, cls).getClsTestClient()
+        cls.apiclient = testClient.getApiClient()
+        cls.services = testClient.getParsedTestDataConfig()
+        cls.hypervisor = testClient.getHypervisorInfo()
+        cls._cleanup = []
+
+        # Get Zone, Domain and templates
+        cls.domain = get_domain(cls.apiclient)
+
+        cls.domains = []
+        cls.domain_admins = {}
+        cls.domain_users = {}
+        cls.account_users = {}
+
+        domain_data = {
+            "name": "domain_1"
+        }
+        cls.domain_1 = Domain.create(
+            cls.apiclient,
+            domain_data,
+        )
+        cls._cleanup.append(cls.domain_1)
+        cls.domains.append(cls.domain_1)
+        domain_data["name"] = "domain_11"
+        cls.domain_11 = Domain.create(
+            cls.apiclient,
+            domain_data,
+            parentdomainid=cls.domain_1.id
+        )
+        cls._cleanup.append(cls.domain_11)
+        cls.domains.append(cls.domain_11)
+        domain_data["name"] = "domain_12"
+        cls.domain_12 = Domain.create(
+            cls.apiclient,
+            domain_data,
+            parentdomainid=cls.domain_1.id
+        )
+        cls._cleanup.append(cls.domain_12)
+        cls.domains.append(cls.domain_12)
+        domain_data["name"] = "domain_2"
+        cls.domain_2 = Domain.create(
+            cls.apiclient,
+            domain_data,
+        )
+        cls._cleanup.append(cls.domain_2)
+        cls.domains.append(cls.domain_2)
+
+
+        for d in cls.domains:
+            cls.create_domainadmin_and_user(d)
+
+    @classmethod
+    def tearDownClass(cls):
+        super(TestAccountAccess, cls).tearDownClass()
+
+    @classmethod
+    def create_account(cls, domain, is_admin):
+        cls.debug(f"Creating account for domain {domain.name}, admin: {is_admin}")
+        data = {
+            "email": "admin-" + domain.name + "@test.com",
+            "firstname": "Admin",
+            "lastname": domain.name,
+            "username": "admin-" + domain.name,
+            "password": "password"
+        }
+        if is_admin == False:
+            data["email"] = "user-" + domain.name + "@test.com"
+            data["firstname"] = "User"
+            data["username"] = "user-" + domain.name
+        account = Account.create(
+            cls.apiclient,
+            data,
+            admin=is_admin,
+            domainid=domain.id
+        )
+        cls._cleanup.append(account)
+        if is_admin == True:
+            cls.domain_admins[domain.id] = account
+        else:
+            cls.domain_users[domain.id] = account
+
+        user = User.create(
+            cls.apiclient,
+            data,
+            account=account.name,
+            domainid=account.domainid)
+        cls._cleanup.append(user)
+        cls.account_users[account.id] = user
+
+    @classmethod
+    def create_domainadmin_and_user(cls, domain):
+        cls.debug(f"Creating accounts for domain #{domain.id} {domain.name}")
+        cls.create_account(domain, True)
+        cls.create_account(domain, False)
+
+    def get_user_keys(self, api_client, user_id):
+        getUserKeysCmd = getUserKeys.getUserKeysCmd()
+        getUserKeysCmd.id = user_id
+        return api_client.getUserKeys(getUserKeysCmd)
+
+    def is_child_domain(self, parent_domain, child_domain):
+        if not parent_domain or not child_domain:
+            return False
+        parent_domain_prefix = parent_domain.split('-')[0]
+        child_domain_prefix = child_domain.split('-')[0]
+        if not parent_domain_prefix or not child_domain_prefix:
+            return False
+        return child_domain_prefix.startswith(parent_domain_prefix)
+
+
+    @attr(tags=["advanced", "advancedns", "smoke", "sg"], required_hardware="false")
+    def test_01_user_access(self):
+        """
+        Test user account is not accessing any other account
+        """
+
+        domain_user_accounts = [value for value in self.domain_users.values()]
+        all_account_users = [value for value in self.account_users.values()]
+        for user_account in domain_user_accounts:
+            current_account_user = self.account_users[user_account.id]
+            self.debug(f"Check for account {user_account.name} with user {current_account_user.username}")
+            user_api_client = self.testClient.getUserApiClient(
+                UserName=user_account.name,
+                DomainName=user_account.domain
+            )
+            for user in all_account_users:
+                self.debug(f"Checking access for user {user.username} associated with account {user.account}")
+                try:
+                    self.get_user_keys(user_api_client, user.id)
+                    self.debug(f"API successful")
+                    if user.id != current_account_user.id:
+                        self.fail(f"User account #{user_account.id} was able to access another account #{user.id}")
+                except CloudstackAPIException as e:
+                    self.debug(f"Exception occurred: {e}")
+                    if user.id == current_account_user.id:
+                        self.fail(f"User account #{user_account.id} not able to access own account")
+
+    @attr(tags=["advanced", "advancedns", "smoke", "sg"], required_hardware="false")
+    def test_02_domain_admin_access(self):
+        """
+        Test domain admin account is not accessing any other account from unauthorized domain
+        """
+
+        domain_admin_accounts = [value for value in self.domain_admins.values()]
+        all_account_users = [value for value in self.account_users.values()]
+        for admin_account in domain_admin_accounts:
+            current_account_user = self.account_users[admin_account.id]
+            self.debug(f"Check for domain admin {admin_account.name} with user {current_account_user.username}, {current_account_user.domain}")
+            admin_api_client = self.testClient.getUserApiClient(
+                UserName=admin_account.name,
+                DomainName=admin_account.domain
+            )
+            for user in all_account_users:
+                self.debug(f"Checking access for user {user.username}, {user.domain} associated with account {user.account}")
+                try:
+                    self.get_user_keys(admin_api_client, user.id)
+                    self.debug(f"API successful")
+                    if self.is_child_domain(current_account_user.domain, user.domain) == False:
+                        self.fail(f"User account #{admin_account.id} was able to access another account #{user.id}")
+                except CloudstackAPIException as e:
+                    self.debug(f"Exception occurred: {e}")
+                    if self.is_child_domain(current_account_user.domain, user.domain) == True:
+                        self.fail(f"User account #{admin_account.id} not able to access own account")

From be191f5ad79a77a54d5325307c6047fc352c275e Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Fri, 2 Aug 2024 17:24:50 -0300
Subject: [PATCH 06/24] Updating pom.xml version numbers for release 4.18.2.3

Signed-off-by: nvazquez <nicovazquez90@gmail.com>
---
 agent/pom.xml                                               | 2 +-
 api/pom.xml                                                 | 2 +-
 client/pom.xml                                              | 2 +-
 core/pom.xml                                                | 2 +-
 debian/changelog                                            | 6 ++++++
 developer/pom.xml                                           | 2 +-
 engine/api/pom.xml                                          | 2 +-
 engine/components-api/pom.xml                               | 2 +-
 engine/orchestration/pom.xml                                | 2 +-
 engine/pom.xml                                              | 2 +-
 engine/schema/pom.xml                                       | 2 +-
 engine/service/pom.xml                                      | 2 +-
 engine/storage/cache/pom.xml                                | 2 +-
 engine/storage/configdrive/pom.xml                          | 2 +-
 engine/storage/datamotion/pom.xml                           | 2 +-
 engine/storage/image/pom.xml                                | 2 +-
 engine/storage/integration-test/pom.xml                     | 2 +-
 engine/storage/pom.xml                                      | 2 +-
 engine/storage/snapshot/pom.xml                             | 2 +-
 engine/storage/volume/pom.xml                               | 2 +-
 framework/agent-lb/pom.xml                                  | 2 +-
 framework/ca/pom.xml                                        | 2 +-
 framework/cluster/pom.xml                                   | 2 +-
 framework/config/pom.xml                                    | 2 +-
 framework/db/pom.xml                                        | 2 +-
 framework/direct-download/pom.xml                           | 4 ++--
 framework/events/pom.xml                                    | 2 +-
 framework/ipc/pom.xml                                       | 2 +-
 framework/jobs/pom.xml                                      | 2 +-
 framework/managed-context/pom.xml                           | 2 +-
 framework/pom.xml                                           | 2 +-
 framework/quota/pom.xml                                     | 2 +-
 framework/rest/pom.xml                                      | 2 +-
 framework/security/pom.xml                                  | 2 +-
 framework/spring/lifecycle/pom.xml                          | 2 +-
 framework/spring/module/pom.xml                             | 2 +-
 plugins/acl/dynamic-role-based/pom.xml                      | 2 +-
 plugins/acl/project-role-based/pom.xml                      | 2 +-
 plugins/acl/static-role-based/pom.xml                       | 2 +-
 .../affinity-group-processors/explicit-dedication/pom.xml   | 2 +-
 plugins/affinity-group-processors/host-affinity/pom.xml     | 2 +-
 .../affinity-group-processors/host-anti-affinity/pom.xml    | 2 +-
 .../non-strict-host-affinity/pom.xml                        | 2 +-
 .../non-strict-host-anti-affinity/pom.xml                   | 4 ++--
 plugins/alert-handlers/snmp-alerts/pom.xml                  | 2 +-
 plugins/alert-handlers/syslog-alerts/pom.xml                | 2 +-
 plugins/api/discovery/pom.xml                               | 2 +-
 plugins/api/rate-limit/pom.xml                              | 2 +-
 plugins/api/solidfire-intg-test/pom.xml                     | 2 +-
 plugins/api/vmware-sioc/pom.xml                             | 2 +-
 plugins/backup/dummy/pom.xml                                | 2 +-
 plugins/backup/networker/pom.xml                            | 2 +-
 plugins/backup/veeam/pom.xml                                | 2 +-
 plugins/ca/root-ca/pom.xml                                  | 2 +-
 plugins/database/mysql-ha/pom.xml                           | 2 +-
 plugins/database/quota/pom.xml                              | 2 +-
 plugins/dedicated-resources/pom.xml                         | 2 +-
 plugins/deployment-planners/implicit-dedication/pom.xml     | 2 +-
 plugins/deployment-planners/user-concentrated-pod/pom.xml   | 2 +-
 plugins/deployment-planners/user-dispersing/pom.xml         | 2 +-
 plugins/event-bus/inmemory/pom.xml                          | 2 +-
 plugins/event-bus/kafka/pom.xml                             | 2 +-
 plugins/event-bus/rabbitmq/pom.xml                          | 2 +-
 plugins/ha-planners/skip-heurestics/pom.xml                 | 2 +-
 plugins/host-allocators/random/pom.xml                      | 2 +-
 plugins/hypervisors/baremetal/pom.xml                       | 2 +-
 plugins/hypervisors/hyperv/pom.xml                          | 2 +-
 plugins/hypervisors/kvm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm3/pom.xml                            | 2 +-
 plugins/hypervisors/simulator/pom.xml                       | 2 +-
 plugins/hypervisors/ucs/pom.xml                             | 2 +-
 plugins/hypervisors/vmware/pom.xml                          | 2 +-
 plugins/hypervisors/xenserver/pom.xml                       | 2 +-
 plugins/integrations/cloudian/pom.xml                       | 2 +-
 plugins/integrations/kubernetes-service/pom.xml             | 2 +-
 plugins/integrations/prometheus/pom.xml                     | 2 +-
 plugins/metrics/pom.xml                                     | 2 +-
 plugins/network-elements/bigswitch/pom.xml                  | 2 +-
 plugins/network-elements/brocade-vcs/pom.xml                | 2 +-
 plugins/network-elements/cisco-vnmc/pom.xml                 | 2 +-
 plugins/network-elements/dns-notifier/pom.xml               | 2 +-
 plugins/network-elements/elastic-loadbalancer/pom.xml       | 2 +-
 plugins/network-elements/globodns/pom.xml                   | 2 +-
 plugins/network-elements/internal-loadbalancer/pom.xml      | 2 +-
 plugins/network-elements/juniper-contrail/pom.xml           | 2 +-
 plugins/network-elements/netscaler/pom.xml                  | 2 +-
 plugins/network-elements/nicira-nvp/pom.xml                 | 2 +-
 plugins/network-elements/opendaylight/pom.xml               | 2 +-
 plugins/network-elements/ovs/pom.xml                        | 2 +-
 plugins/network-elements/palo-alto/pom.xml                  | 2 +-
 plugins/network-elements/stratosphere-ssp/pom.xml           | 2 +-
 plugins/network-elements/tungsten/pom.xml                   | 2 +-
 plugins/network-elements/vxlan/pom.xml                      | 2 +-
 plugins/outofbandmanagement-drivers/ipmitool/pom.xml        | 2 +-
 .../outofbandmanagement-drivers/nested-cloudstack/pom.xml   | 2 +-
 plugins/outofbandmanagement-drivers/redfish/pom.xml         | 2 +-
 plugins/pom.xml                                             | 2 +-
 plugins/storage-allocators/random/pom.xml                   | 2 +-
 plugins/storage/image/default/pom.xml                       | 2 +-
 plugins/storage/image/s3/pom.xml                            | 2 +-
 plugins/storage/image/sample/pom.xml                        | 2 +-
 plugins/storage/image/swift/pom.xml                         | 2 +-
 plugins/storage/volume/cloudbyte/pom.xml                    | 2 +-
 plugins/storage/volume/datera/pom.xml                       | 2 +-
 plugins/storage/volume/default/pom.xml                      | 2 +-
 plugins/storage/volume/linstor/pom.xml                      | 2 +-
 plugins/storage/volume/nexenta/pom.xml                      | 2 +-
 plugins/storage/volume/sample/pom.xml                       | 2 +-
 plugins/storage/volume/scaleio/pom.xml                      | 2 +-
 plugins/storage/volume/solidfire/pom.xml                    | 2 +-
 plugins/storage/volume/storpool/pom.xml                     | 2 +-
 plugins/user-authenticators/ldap/pom.xml                    | 2 +-
 plugins/user-authenticators/md5/pom.xml                     | 2 +-
 plugins/user-authenticators/pbkdf2/pom.xml                  | 2 +-
 plugins/user-authenticators/plain-text/pom.xml              | 2 +-
 plugins/user-authenticators/saml2/pom.xml                   | 2 +-
 plugins/user-authenticators/sha256salted/pom.xml            | 2 +-
 plugins/user-two-factor-authenticators/static-pin/pom.xml   | 2 +-
 plugins/user-two-factor-authenticators/totp/pom.xml         | 2 +-
 pom.xml                                                     | 2 +-
 quickcloud/pom.xml                                          | 2 +-
 server/pom.xml                                              | 2 +-
 services/console-proxy/pom.xml                              | 2 +-
 services/console-proxy/rdpconsole/pom.xml                   | 2 +-
 services/console-proxy/server/pom.xml                       | 2 +-
 services/pom.xml                                            | 2 +-
 services/secondary-storage/controller/pom.xml               | 2 +-
 services/secondary-storage/pom.xml                          | 2 +-
 services/secondary-storage/server/pom.xml                   | 2 +-
 systemvm/pom.xml                                            | 2 +-
 test/pom.xml                                                | 2 +-
 tools/apidoc/pom.xml                                        | 2 +-
 tools/checkstyle/pom.xml                                    | 2 +-
 tools/devcloud-kvm/pom.xml                                  | 2 +-
 tools/devcloud4/pom.xml                                     | 2 +-
 tools/marvin/pom.xml                                        | 2 +-
 tools/pom.xml                                               | 2 +-
 usage/pom.xml                                               | 2 +-
 utils/pom.xml                                               | 2 +-
 vmware-base/pom.xml                                         | 2 +-
 141 files changed, 148 insertions(+), 142 deletions(-)

diff --git a/agent/pom.xml b/agent/pom.xml
index f6667517cf6f..b362bcbcc9d6 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/api/pom.xml b/api/pom.xml
index b3fd802be435..d46bd5436243 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/client/pom.xml b/client/pom.xml
index 0f6ce1a2a2db..09771ba86595 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <repositories>
         <repository>
diff --git a/core/pom.xml b/core/pom.xml
index bb069317aa97..5e3d9ee7992b 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/debian/changelog b/debian/changelog
index a09c2c506500..15c0d4f80cfd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloudstack (4.18.2.3) unstable; urgency=low
+
+  * Update the version to 4.18.2.3
+
+ -- the Apache CloudStack project <dev@cloudstack.apache.org>  Fri, 02 Aug 2024 17:24:50 -0300
+
 cloudstack (4.18.2.2) unstable; urgency=low
 
   * Update the version to 4.18.2.2
diff --git a/developer/pom.xml b/developer/pom.xml
index 21c2ff39a52c..5cfe4a16069b 100644
--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/engine/api/pom.xml b/engine/api/pom.xml
index 7bacb63845c7..028d90e55dee 100644
--- a/engine/api/pom.xml
+++ b/engine/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml
index c043ece39bcd..4078ff51dc8f 100644
--- a/engine/components-api/pom.xml
+++ b/engine/components-api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml
index a13df3c3d2e1..a694409bb9d3 100755
--- a/engine/orchestration/pom.xml
+++ b/engine/orchestration/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/pom.xml b/engine/pom.xml
index db69f62f6cdc..cc08eb6243a7 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index 8408ab923cb8..71c2069a2f1e 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/service/pom.xml b/engine/service/pom.xml
index efa9b5ad6757..b45196c2cc72 100644
--- a/engine/service/pom.xml
+++ b/engine/service/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <artifactId>cloud-engine-service</artifactId>
     <packaging>war</packaging>
diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml
index 1746c2d34674..0a1dd195b572 100644
--- a/engine/storage/cache/pom.xml
+++ b/engine/storage/cache/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/configdrive/pom.xml b/engine/storage/configdrive/pom.xml
index a086006b4155..f0a303f83430 100644
--- a/engine/storage/configdrive/pom.xml
+++ b/engine/storage/configdrive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml
index 5f34d624eb96..4e61e1a4003a 100644
--- a/engine/storage/datamotion/pom.xml
+++ b/engine/storage/datamotion/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml
index 903dba603d71..2627057ef0ad 100644
--- a/engine/storage/image/pom.xml
+++ b/engine/storage/image/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml
index 71fb56cb78dc..1200031d9e10 100644
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml
index e0cf2d3f71cd..4a6e7c80939f 100644
--- a/engine/storage/pom.xml
+++ b/engine/storage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml
index 1ffd8ee04dfc..d3bdbfbe375d 100644
--- a/engine/storage/snapshot/pom.xml
+++ b/engine/storage/snapshot/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml
index 8f1baa97b914..7ade6685521e 100644
--- a/engine/storage/volume/pom.xml
+++ b/engine/storage/volume/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/agent-lb/pom.xml b/framework/agent-lb/pom.xml
index 2cb0e93688a5..daf07ba057af 100644
--- a/framework/agent-lb/pom.xml
+++ b/framework/agent-lb/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/ca/pom.xml b/framework/ca/pom.xml
index 279d48cb54f5..1cf04899cf9d 100644
--- a/framework/ca/pom.xml
+++ b/framework/ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml
index 12da4c3fb0e2..e1b761d58d36 100644
--- a/framework/cluster/pom.xml
+++ b/framework/cluster/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/config/pom.xml b/framework/config/pom.xml
index 58682d279349..545910f84b74 100644
--- a/framework/config/pom.xml
+++ b/framework/config/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/db/pom.xml b/framework/db/pom.xml
index b9813265fb33..4ef8653c0cc7 100644
--- a/framework/db/pom.xml
+++ b/framework/db/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/direct-download/pom.xml b/framework/direct-download/pom.xml
index adbf11eec149..25496af3e5bd 100644
--- a/framework/direct-download/pom.xml
+++ b/framework/direct-download/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-utils</artifactId>
-            <version>4.18.2.2</version>
+            <version>4.18.2.3</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/framework/events/pom.xml b/framework/events/pom.xml
index 06dd7d8dbff2..7ba09b1a48ad 100644
--- a/framework/events/pom.xml
+++ b/framework/events/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml
index 40a2a388d8ad..5b54520f891d 100644
--- a/framework/ipc/pom.xml
+++ b/framework/ipc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml
index a0833dd4f481..3650b9e6c6df 100644
--- a/framework/jobs/pom.xml
+++ b/framework/jobs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml
index 0c6b8be2e853..454e79cf608d 100644
--- a/framework/managed-context/pom.xml
+++ b/framework/managed-context/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/pom.xml b/framework/pom.xml
index 2be5c24aef6d..72ab32529451 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <build>
         <plugins>
diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml
index 2b68531b73f8..bf7dcfc3e9c4 100644
--- a/framework/quota/pom.xml
+++ b/framework/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml
index 96973f42a133..9a25194eeff9 100644
--- a/framework/rest/pom.xml
+++ b/framework/rest/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-framework-rest</artifactId>
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
index 935bc1bda4c8..d13021aa0214 100644
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml
index b19dc42a007d..842fde12a352 100644
--- a/framework/spring/lifecycle/pom.xml
+++ b/framework/spring/lifecycle/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml
index dbf97a910447..ae0eb3950970 100644
--- a/framework/spring/module/pom.xml
+++ b/framework/spring/module/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/acl/dynamic-role-based/pom.xml b/plugins/acl/dynamic-role-based/pom.xml
index 7f3461f8b084..5896cf7e8e73 100644
--- a/plugins/acl/dynamic-role-based/pom.xml
+++ b/plugins/acl/dynamic-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/project-role-based/pom.xml b/plugins/acl/project-role-based/pom.xml
index cd589ba8c970..2ceb238e6d2c 100644
--- a/plugins/acl/project-role-based/pom.xml
+++ b/plugins/acl/project-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml
index 5fba641f13cc..b4244b445422 100644
--- a/plugins/acl/static-role-based/pom.xml
+++ b/plugins/acl/static-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml
index 239e6d36bd64..f5a47a5321f1 100644
--- a/plugins/affinity-group-processors/explicit-dedication/pom.xml
+++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-affinity/pom.xml b/plugins/affinity-group-processors/host-affinity/pom.xml
index a4dc0b53d296..5074481484d1 100644
--- a/plugins/affinity-group-processors/host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
index 9d4f22577b10..a6cd86fc710c 100644
--- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
index 4a9adb5235d2..bec4e1bd2de4 100644
--- a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
index b83926f58a70..1df6b7b24b2f 100644
--- a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-plugin-non-strict-host-affinity</artifactId>
-            <version>4.18.2.2</version>
+            <version>4.18.2.3</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml
index 1b5b9b793a37..a49940a803d1 100644
--- a/plugins/alert-handlers/snmp-alerts/pom.xml
+++ b/plugins/alert-handlers/snmp-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml
index 3082c22d5d3b..0531e67cba21 100644
--- a/plugins/alert-handlers/syslog-alerts/pom.xml
+++ b/plugins/alert-handlers/syslog-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml
index d5c2fdcb7cab..8b42abdb6b74 100644
--- a/plugins/api/discovery/pom.xml
+++ b/plugins/api/discovery/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml
index d04b7e6d5821..7e9f4bdf70b4 100644
--- a/plugins/api/rate-limit/pom.xml
+++ b/plugins/api/rate-limit/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml
index e7ae0cf72278..cc570a632243 100644
--- a/plugins/api/solidfire-intg-test/pom.xml
+++ b/plugins/api/solidfire-intg-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/vmware-sioc/pom.xml b/plugins/api/vmware-sioc/pom.xml
index 72eead0699bd..001fc83df9b2 100644
--- a/plugins/api/vmware-sioc/pom.xml
+++ b/plugins/api/vmware-sioc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/dummy/pom.xml b/plugins/backup/dummy/pom.xml
index 875aca002361..0faffad3950c 100644
--- a/plugins/backup/dummy/pom.xml
+++ b/plugins/backup/dummy/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/networker/pom.xml b/plugins/backup/networker/pom.xml
index 723440220477..6e409a62364a 100644
--- a/plugins/backup/networker/pom.xml
+++ b/plugins/backup/networker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/veeam/pom.xml b/plugins/backup/veeam/pom.xml
index 74f5fea53542..0fe626181827 100644
--- a/plugins/backup/veeam/pom.xml
+++ b/plugins/backup/veeam/pom.xml
@@ -23,7 +23,7 @@
   <parent>
     <artifactId>cloudstack-plugins</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.18.2.2</version>
+    <version>4.18.2.3</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
 
diff --git a/plugins/ca/root-ca/pom.xml b/plugins/ca/root-ca/pom.xml
index 616de0d6a350..7b955d17c442 100644
--- a/plugins/ca/root-ca/pom.xml
+++ b/plugins/ca/root-ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml
index 72aa6a1f8caf..2eab555fae29 100644
--- a/plugins/database/mysql-ha/pom.xml
+++ b/plugins/database/mysql-ha/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml
index 19b3ed69f205..73b50bd94b13 100644
--- a/plugins/database/quota/pom.xml
+++ b/plugins/database/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml
index c453189cb0f5..4d09b267ab5e 100644
--- a/plugins/dedicated-resources/pom.xml
+++ b/plugins/dedicated-resources/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml
index fc7cadf14bbc..45df9b2a060e 100644
--- a/plugins/deployment-planners/implicit-dedication/pom.xml
+++ b/plugins/deployment-planners/implicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml
index 252291fd7e79..a344bf560a58 100644
--- a/plugins/deployment-planners/user-concentrated-pod/pom.xml
+++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml
index ebb32d8474b8..e2fa1d388399 100644
--- a/plugins/deployment-planners/user-dispersing/pom.xml
+++ b/plugins/deployment-planners/user-dispersing/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml
index f8a8793f9f56..973de93479e2 100644
--- a/plugins/event-bus/inmemory/pom.xml
+++ b/plugins/event-bus/inmemory/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml
index 6b26819b4b59..b8640be047a7 100644
--- a/plugins/event-bus/kafka/pom.xml
+++ b/plugins/event-bus/kafka/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml
index ed6ff85d5dd8..76831c8e68cb 100644
--- a/plugins/event-bus/rabbitmq/pom.xml
+++ b/plugins/event-bus/rabbitmq/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml
index a7e11f3eec1f..edfb68b6392f 100644
--- a/plugins/ha-planners/skip-heurestics/pom.xml
+++ b/plugins/ha-planners/skip-heurestics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml
index 604e074605cd..57ccc867d9c0 100644
--- a/plugins/host-allocators/random/pom.xml
+++ b/plugins/host-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml
index 7edbefecd905..57c3e26fdcb7 100755
--- a/plugins/hypervisors/baremetal/pom.xml
+++ b/plugins/hypervisors/baremetal/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-baremetal</artifactId>
diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml
index 43118bc58e23..90e9f99fbdb8 100644
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml
index c3dab8a6cb4c..1bbd8ab6d0d6 100644
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml
index ea7c0c32f84b..6a749fc87692 100644
--- a/plugins/hypervisors/ovm/pom.xml
+++ b/plugins/hypervisors/ovm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml
index 8d9b6cba5f98..790c779047b9 100644
--- a/plugins/hypervisors/ovm3/pom.xml
+++ b/plugins/hypervisors/ovm3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml
index 3e143881efc3..4cc2b89e44d5 100644
--- a/plugins/hypervisors/simulator/pom.xml
+++ b/plugins/hypervisors/simulator/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-simulator</artifactId>
diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml
index e5e8b7e42655..3007e121eaaf 100644
--- a/plugins/hypervisors/ucs/pom.xml
+++ b/plugins/hypervisors/ucs/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-ucs</artifactId>
diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml
index 893ce9552985..e225e7fc7466 100644
--- a/plugins/hypervisors/vmware/pom.xml
+++ b/plugins/hypervisors/vmware/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml
index a3fd83390a21..21579c8994ef 100644
--- a/plugins/hypervisors/xenserver/pom.xml
+++ b/plugins/hypervisors/xenserver/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/cloudian/pom.xml b/plugins/integrations/cloudian/pom.xml
index 85ed1ef01a08..f2d8bc1c8afa 100644
--- a/plugins/integrations/cloudian/pom.xml
+++ b/plugins/integrations/cloudian/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
index 57737416cc19..b4a97833b4cc 100644
--- a/plugins/integrations/kubernetes-service/pom.xml
+++ b/plugins/integrations/kubernetes-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/prometheus/pom.xml b/plugins/integrations/prometheus/pom.xml
index 968af0e2f3f9..d5420bdfae03 100644
--- a/plugins/integrations/prometheus/pom.xml
+++ b/plugins/integrations/prometheus/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/metrics/pom.xml b/plugins/metrics/pom.xml
index 01a3681564df..401e4c5715a3 100644
--- a/plugins/metrics/pom.xml
+++ b/plugins/metrics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml
index 0214a2e257c2..5613e1d0ece6 100644
--- a/plugins/network-elements/bigswitch/pom.xml
+++ b/plugins/network-elements/bigswitch/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml
index bc4ce9ac6bae..36b7774a7b4c 100644
--- a/plugins/network-elements/brocade-vcs/pom.xml
+++ b/plugins/network-elements/brocade-vcs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
index b8b540eaed22..767c1db915ca 100644
--- a/plugins/network-elements/cisco-vnmc/pom.xml
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml
index 95799a75e997..bdf790b26722 100644
--- a/plugins/network-elements/dns-notifier/pom.xml
+++ b/plugins/network-elements/dns-notifier/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-example-dns-notifier</artifactId>
diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml
index e9b48b6e45de..cdd257c15901 100644
--- a/plugins/network-elements/elastic-loadbalancer/pom.xml
+++ b/plugins/network-elements/elastic-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml
index 30932b367c24..520aa310fe12 100644
--- a/plugins/network-elements/globodns/pom.xml
+++ b/plugins/network-elements/globodns/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml
index cda6a0d23f89..9e69680a9513 100644
--- a/plugins/network-elements/internal-loadbalancer/pom.xml
+++ b/plugins/network-elements/internal-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml
index 5510aa845fb0..c843674075cf 100644
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <repositories>
diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml
index 28f03475a07d..16dfd1ebf4da 100644
--- a/plugins/network-elements/netscaler/pom.xml
+++ b/plugins/network-elements/netscaler/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml
index 9944523f3f7e..08bd8a0f4ed7 100644
--- a/plugins/network-elements/nicira-nvp/pom.xml
+++ b/plugins/network-elements/nicira-nvp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml
index c26f675d4191..34eb632b88f3 100644
--- a/plugins/network-elements/opendaylight/pom.xml
+++ b/plugins/network-elements/opendaylight/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <profiles>
diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml
index bbcff6bd4570..d6256cc77948 100644
--- a/plugins/network-elements/ovs/pom.xml
+++ b/plugins/network-elements/ovs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
index 460b0350e70f..cad5d3d9fc63 100644
--- a/plugins/network-elements/palo-alto/pom.xml
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml
index 40a125533621..4abb8622205f 100644
--- a/plugins/network-elements/stratosphere-ssp/pom.xml
+++ b/plugins/network-elements/stratosphere-ssp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/tungsten/pom.xml b/plugins/network-elements/tungsten/pom.xml
index 19bb24a838d7..581c09d412cf 100644
--- a/plugins/network-elements/tungsten/pom.xml
+++ b/plugins/network-elements/tungsten/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml
index 159adff3bebd..c29da64710d7 100644
--- a/plugins/network-elements/vxlan/pom.xml
+++ b/plugins/network-elements/vxlan/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
index 6c7671735421..b3df88c276cd 100644
--- a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
+++ b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
index a6e932bf746e..e12de629a974 100644
--- a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
+++ b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/redfish/pom.xml b/plugins/outofbandmanagement-drivers/redfish/pom.xml
index a7c5e47cb656..5f7590a73ce3 100644
--- a/plugins/outofbandmanagement-drivers/redfish/pom.xml
+++ b/plugins/outofbandmanagement-drivers/redfish/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 9431ae71c4b3..76d621000f80 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <build>
         <plugins>
diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml
index ba36eb37e793..89f3b8ad2c67 100644
--- a/plugins/storage-allocators/random/pom.xml
+++ b/plugins/storage-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml
index af40fd3f73d8..e14ff6dafa36 100644
--- a/plugins/storage/image/default/pom.xml
+++ b/plugins/storage/image/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml
index dc9e8a91b460..f6603ab4b0d3 100644
--- a/plugins/storage/image/s3/pom.xml
+++ b/plugins/storage/image/s3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml
index 3066fcb25475..1acd92cc1b12 100644
--- a/plugins/storage/image/sample/pom.xml
+++ b/plugins/storage/image/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml
index 54420cf987ab..b06c99aaf253 100644
--- a/plugins/storage/image/swift/pom.xml
+++ b/plugins/storage/image/swift/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml
index a10ebfce651b..85f9aec67148 100644
--- a/plugins/storage/volume/cloudbyte/pom.xml
+++ b/plugins/storage/volume/cloudbyte/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/datera/pom.xml b/plugins/storage/volume/datera/pom.xml
index 874f5d30a909..283b42239e47 100644
--- a/plugins/storage/volume/datera/pom.xml
+++ b/plugins/storage/volume/datera/pom.xml
@@ -16,7 +16,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack-plugins</artifactId>
-    <version>4.18.2.2</version>
+    <version>4.18.2.3</version>
     <relativePath>../../../pom.xml</relativePath>
   </parent>
   <dependencies>
diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml
index ad81553d81d9..33546ea11938 100644
--- a/plugins/storage/volume/default/pom.xml
+++ b/plugins/storage/volume/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/linstor/pom.xml b/plugins/storage/volume/linstor/pom.xml
index c41641750c83..4304c932bab9 100644
--- a/plugins/storage/volume/linstor/pom.xml
+++ b/plugins/storage/volume/linstor/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml
index dcf4d2e937b6..a5b88169e824 100644
--- a/plugins/storage/volume/nexenta/pom.xml
+++ b/plugins/storage/volume/nexenta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml
index ab5c9fa95c9b..558ce8c1cce5 100644
--- a/plugins/storage/volume/sample/pom.xml
+++ b/plugins/storage/volume/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/scaleio/pom.xml b/plugins/storage/volume/scaleio/pom.xml
index 88bc34e84cec..a959578fb35b 100644
--- a/plugins/storage/volume/scaleio/pom.xml
+++ b/plugins/storage/volume/scaleio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml
index 16c7f4c53ce4..ae01b5c14297 100644
--- a/plugins/storage/volume/solidfire/pom.xml
+++ b/plugins/storage/volume/solidfire/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/storpool/pom.xml b/plugins/storage/volume/storpool/pom.xml
index 51728640c4f8..ee6684021989 100644
--- a/plugins/storage/volume/storpool/pom.xml
+++ b/plugins/storage/volume/storpool/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index d1cfdcab74a9..7a6ed59ce532 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml
index dc090744a383..58a4a40fc939 100644
--- a/plugins/user-authenticators/md5/pom.xml
+++ b/plugins/user-authenticators/md5/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml
index 2c7daaa3c0fc..4ea946af22fa 100644
--- a/plugins/user-authenticators/pbkdf2/pom.xml
+++ b/plugins/user-authenticators/pbkdf2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml
index 49ae365cd631..a2201dc011d8 100644
--- a/plugins/user-authenticators/plain-text/pom.xml
+++ b/plugins/user-authenticators/plain-text/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index 655f7dcf2df0..8caf4d085eff 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml
index f3e0918d6a0f..2813c96146c6 100644
--- a/plugins/user-authenticators/sha256salted/pom.xml
+++ b/plugins/user-authenticators/sha256salted/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/static-pin/pom.xml b/plugins/user-two-factor-authenticators/static-pin/pom.xml
index 88fb371fc8c1..6e1a9a3ac7ca 100644
--- a/plugins/user-two-factor-authenticators/static-pin/pom.xml
+++ b/plugins/user-two-factor-authenticators/static-pin/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/plugins/user-two-factor-authenticators/totp/pom.xml b/plugins/user-two-factor-authenticators/totp/pom.xml
index ce481ed4ada8..818aedaebafa 100644
--- a/plugins/user-two-factor-authenticators/totp/pom.xml
+++ b/plugins/user-two-factor-authenticators/totp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 05a4c4471904..df6552268f36 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.18.2.2</version>
+    <version>4.18.2.3</version>
     <packaging>pom</packaging>
     <name>Apache CloudStack</name>
     <description>Apache CloudStack is an IaaS ("Infrastructure as a Service") cloud orchestration platform.</description>
diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml
index bc61fbc43973..5fdf7d550133 100644
--- a/quickcloud/pom.xml
+++ b/quickcloud/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/server/pom.xml b/server/pom.xml
index 2d94fd446e08..ddbfbb7516c6 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <repositories>
         <repository>
diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml
index 083eb6c1f02d..a92d715a0fc5 100644
--- a/services/console-proxy/pom.xml
+++ b/services/console-proxy/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
index a9d9430e9e6b..16160cbaa3ee 100644
--- a/services/console-proxy/rdpconsole/pom.xml
+++ b/services/console-proxy/rdpconsole/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml
index eee4cde4f8c3..268486f07422 100644
--- a/services/console-proxy/server/pom.xml
+++ b/services/console-proxy/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/pom.xml b/services/pom.xml
index 17d3db57d0be..a8b1965c7718 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml
index 81b47bb97a50..bc109479172b 100644
--- a/services/secondary-storage/controller/pom.xml
+++ b/services/secondary-storage/controller/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml
index 1694b1fbb8d7..3aaf2b84e8e9 100644
--- a/services/secondary-storage/pom.xml
+++ b/services/secondary-storage/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml
index e07ec1ac37ec..07ef8174c007 100644
--- a/services/secondary-storage/server/pom.xml
+++ b/services/secondary-storage/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/systemvm/pom.xml b/systemvm/pom.xml
index d01cc947e72d..1320e74d6907 100644
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/test/pom.xml b/test/pom.xml
index 658c4df91dc7..c9d75a3a5c92 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml
index 500ff538f264..2927b2503055 100644
--- a/tools/apidoc/pom.xml
+++ b/tools/apidoc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml
index 3b4f3334bfbd..5c625773cbee 100644
--- a/tools/checkstyle/pom.xml
+++ b/tools/checkstyle/pom.xml
@@ -22,7 +22,7 @@
     <name>Apache CloudStack Developer Tools - Checkstyle Configuration</name>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>checkstyle</artifactId>
-    <version>4.18.2.2</version>
+    <version>4.18.2.3</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml
index 86e03d71aa6d..8d6ab4a51360 100644
--- a/tools/devcloud-kvm/pom.xml
+++ b/tools/devcloud-kvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml
index 69ef115ed95b..aaea539644e2 100644
--- a/tools/devcloud4/pom.xml
+++ b/tools/devcloud4/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml
index 2e203dfaf624..e18fbaf44196 100644
--- a/tools/marvin/pom.xml
+++ b/tools/marvin/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/pom.xml b/tools/pom.xml
index 8acb1d5458a5..f1b315df7b65 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/usage/pom.xml b/usage/pom.xml
index 187dcac93962..b8678204fba2 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/utils/pom.xml b/utils/pom.xml
index b17296370599..a5c058c90f5b 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml
index 54ca81a3eda8..5c6707f1c19a 100644
--- a/vmware-base/pom.xml
+++ b/vmware-base/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.2</version>
+        <version>4.18.2.3</version>
     </parent>
     <dependencies>
         <dependency>

From 7cfbcf4b4f1b3e36ea496cbdbf17d1c49d8a8d1b Mon Sep 17 00:00:00 2001
From: Abhishek Kumar <abhishek.mrt22@gmail.com>
Date: Sat, 3 Aug 2024 02:00:04 +0530
Subject: [PATCH 07/24] [4.19] server, api, ui: access improvements and
 assorted fixes (#22)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* server, api, ui: access improvements and assorted fixes

Fixes domain-admin access check to prevent unauthorized access.

Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Revert "server: refactor listNetworks api database retrievals (#9184)"

This reverts commit c7f1ba5b8eec03d51bfe0f1432e46c9101b0f940.

* Fix snapshot chain being deleted on XenServer (#9447)

Using XenServer as the hypervisor, when deleting a snapshot that has a parent, that parent will also get erased on storage, causing data loss. This behavior was introduced with #7873, where the list of snapshot states that can be deleted was changed to add BackedUp snapshots.

This PR changes the states list back to the original list, and swaps the while loop for a do while loop to account for the changes in #7873.

Fixes #9446

* UI: Display Firewall, LB and Port Forwading rules tab for CKS clusters deployed on isolated networks (#9458)

---------

Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
Co-authored-by: João Jandre <48719461+JoaoJandre@users.noreply.github.com>
Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
---
 .github/workflows/ci.yml                      |   1 +
 .../snapshot/DefaultSnapshotStrategy.java     |   7 +-
 .../java/com/cloud/acl/DomainChecker.java     |  68 ++++--
 .../com/cloud/network/NetworkServiceImpl.java | 209 ++++++++----------
 .../com/cloud/user/AccountManagerImpl.java    |  18 +-
 .../java/com/cloud/acl/DomainCheckerTest.java | 166 ++++++++++++++
 .../cloud/user/AccountManagerImplTest.java    |  58 +++++
 test/integration/smoke/test_account_access.py | 198 +++++++++++++++++
 ui/src/views/compute/KubernetesServiceTab.vue |   1 +
 9 files changed, 589 insertions(+), 137 deletions(-)
 create mode 100644 server/src/test/java/com/cloud/acl/DomainCheckerTest.java
 create mode 100644 test/integration/smoke/test_account_access.py

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 42407a48b9b2..d369916f712e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,6 +35,7 @@ jobs:
       fail-fast: false
       matrix:
         tests: [ "smoke/test_accounts
+                  smoke/test_account_access
                   smoke/test_affinity_groups
                   smoke/test_affinity_groups_projects
                   smoke/test_annotations
diff --git a/engine/storage/snapshot/src/main/java/org/apache/cloudstack/storage/snapshot/DefaultSnapshotStrategy.java b/engine/storage/snapshot/src/main/java/org/apache/cloudstack/storage/snapshot/DefaultSnapshotStrategy.java
index f1f073db1701..333272113bd2 100644
--- a/engine/storage/snapshot/src/main/java/org/apache/cloudstack/storage/snapshot/DefaultSnapshotStrategy.java
+++ b/engine/storage/snapshot/src/main/java/org/apache/cloudstack/storage/snapshot/DefaultSnapshotStrategy.java
@@ -102,6 +102,8 @@ public class DefaultSnapshotStrategy extends SnapshotStrategyBase {
     @Inject
     SnapshotZoneDao snapshotZoneDao;
 
+    private final List<Snapshot.State> snapshotStatesAbleToDeleteSnapshot = Arrays.asList(Snapshot.State.Destroying, Snapshot.State.Destroyed, Snapshot.State.Error);
+
     public SnapshotDataStoreVO getSnapshotImageStoreRef(long snapshotId, long zoneId) {
         List<SnapshotDataStoreVO> snaps = snapshotStoreDao.listReadyBySnapshot(snapshotId, DataStoreRole.Image);
         for (SnapshotDataStoreVO ref : snaps) {
@@ -199,9 +201,8 @@ protected boolean deleteSnapshotChain(SnapshotInfo snapshot, String storageToStr
 
         boolean result = false;
         boolean resultIsSet = false;
-        final List<Snapshot.State> snapshotStatesAbleToDeleteSnapshot = Arrays.asList(Snapshot.State.BackedUp, Snapshot.State.Destroying, Snapshot.State.Destroyed, Snapshot.State.Error);
         try {
-            while (snapshot != null && snapshotStatesAbleToDeleteSnapshot.contains(snapshot.getState())) {
+            do {
                 SnapshotInfo child = snapshot.getChild();
 
                 if (child != null) {
@@ -247,7 +248,7 @@ protected boolean deleteSnapshotChain(SnapshotInfo snapshot, String storageToStr
                 }
 
                 snapshot = parent;
-            }
+            } while (snapshot != null && snapshotStatesAbleToDeleteSnapshot.contains(snapshot.getState()));
         } catch (Exception e) {
             s_logger.error(String.format("Failed to delete snapshot [%s] on storage [%s] due to [%s].", snapshotTo, storageToString, e.getMessage()), e);
         }
diff --git a/server/src/main/java/com/cloud/acl/DomainChecker.java b/server/src/main/java/com/cloud/acl/DomainChecker.java
index a8c9ab84f7ec..7930be49ec13 100644
--- a/server/src/main/java/com/cloud/acl/DomainChecker.java
+++ b/server/src/main/java/com/cloud/acl/DomainChecker.java
@@ -208,7 +208,7 @@ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType a
 
             return true;
         } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
-            _networkMgr.checkNetworkPermissions(caller, (Network)entity);
+            _networkMgr.checkNetworkPermissions(caller, (Network) entity);
         } else if (entity instanceof Network && accessType != null && accessType == AccessType.OperateEntry) {
             _networkMgr.checkNetworkOperatePermissions(caller, (Network)entity);
         } else if (entity instanceof VirtualRouter) {
@@ -216,30 +216,58 @@ public boolean checkAccess(Account caller, ControlledEntity entity, AccessType a
         } else if (entity instanceof AffinityGroup) {
             return false;
         } else {
-            if (_accountService.isNormalUser(caller.getId())) {
-                Account account = _accountDao.findById(entity.getAccountId());
-                String errorMessage = String.format("%s does not have permission to operate with resource", caller);
-                if (account != null && account.getType() == Account.Type.PROJECT) {
-                    //only project owner can delete/modify the project
-                    if (accessType != null && accessType == AccessType.ModifyProject) {
-                        if (!_projectMgr.canModifyProjectAccount(caller, account.getId())) {
-                            throw new PermissionDeniedException(errorMessage);
-                        }
-                    } else if (!_projectMgr.canAccessProjectAccount(caller, account.getId())) {
-                        throw new PermissionDeniedException(errorMessage);
-                    }
-                    checkOperationPermitted(caller, entity);
-                } else {
-                    if (caller.getId() != entity.getAccountId()) {
-                        throw new PermissionDeniedException(errorMessage);
-                    }
+            validateCallerHasAccessToEntityOwner(caller, entity, accessType);
+        }
+        return true;
+    }
+
+    protected void validateCallerHasAccessToEntityOwner(Account caller, ControlledEntity entity, AccessType accessType) {
+        PermissionDeniedException exception = new PermissionDeniedException("Caller does not have permission to operate with provided resource.");
+        String entityLog = String.format("entity [owner ID: %d, type: %s]", entity.getAccountId(),
+                entity.getEntityType().getSimpleName());
+
+        if (_accountService.isRootAdmin(caller.getId())) {
+            return;
+        }
+
+        if (caller.getId() == entity.getAccountId()) {
+            return;
+        }
+
+        Account owner = _accountDao.findById(entity.getAccountId());
+        if (owner == null) {
+            s_logger.error(String.format("Owner not found for %s", entityLog));
+            throw exception;
+        }
+
+        Account.Type callerAccountType = caller.getType();
+        if ((callerAccountType == Account.Type.DOMAIN_ADMIN || callerAccountType == Account.Type.RESOURCE_DOMAIN_ADMIN) &&
+                _domainDao.isChildDomain(caller.getDomainId(), owner.getDomainId())) {
+            return;
+        }
+
+        if (owner.getType() == Account.Type.PROJECT) {
+            // only project owner can delete/modify the project
+            if (accessType == AccessType.ModifyProject) {
+                if (!_projectMgr.canModifyProjectAccount(caller, owner.getId())) {
+                    s_logger.error(String.format("Caller ID: %d does not have permission to modify project with " +
+                            "owner ID: %d", caller.getId(), owner.getId()));
+                    throw exception;
                 }
+            } else if (!_projectMgr.canAccessProjectAccount(caller, owner.getId())) {
+                s_logger.error(String.format("Caller ID: %d does not have permission to access project with " +
+                        "owner ID: %d", caller.getId(), owner.getId()));
+                throw exception;
             }
+            checkOperationPermitted(caller, entity);
+            return;
         }
-        return true;
+
+        s_logger.error(String.format("Caller ID: %d does not have permission to access %s", caller.getId(), entityLog));
+        throw exception;
     }
 
-    private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
+    protected boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
         User user = CallContext.current().getCallingUser();
         Project project = projectDao.findByProjectAccountId(entity.getAccountId());
         if (project == null) {
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 83ef8b1b2132..c58463ac708e 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -36,6 +36,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import java.util.stream.Collectors;
 
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
@@ -2196,9 +2197,6 @@ public Pair<List<? extends Network>, Integer> searchForNetworks(ListNetworksCmd
         Long associatedNetworkId = cmd.getAssociatedNetworkId();
         String networkFilterStr = cmd.getNetworkFilter();
 
-        boolean applyManualPagination = CollectionUtils.isNotEmpty(supportedServicesStr) ||
-                Boolean.TRUE.equals(canUseForDeploy);
-
         String vlanId = null;
         if (cmd instanceof ListNetworksCmdByAdmin) {
             vlanId = ((ListNetworksCmdByAdmin)cmd).getVlan();
@@ -2284,13 +2282,7 @@ public Pair<List<? extends Network>, Integer> searchForNetworks(ListNetworksCmd
             isRecursive = true;
         }
 
-        Long offset = cmd.getStartIndex();
-        Long limit = cmd.getPageSizeVal();
-        if (applyManualPagination) {
-            offset = null;
-            limit = null;
-        }
-        Filter searchFilter = new Filter(NetworkVO.class, "id", false, offset, limit);
+        Filter searchFilter = new Filter(NetworkVO.class, "id", false, null, null);
         SearchBuilder<NetworkVO> sb = _networksDao.createSearchBuilder();
 
         if (forVpc != null) {
@@ -2345,123 +2337,113 @@ public Pair<List<? extends Network>, Integer> searchForNetworks(ListNetworksCmd
             sb.join("associatedNetworkSearch", associatedNetworkSearch, sb.entity().getId(), associatedNetworkSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
         }
 
-        SearchCriteria<NetworkVO> mainSearchCriteria = createNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId,
-                guestIpType, trafficType, physicalNetworkId, networkOfferingId, aclType, restartRequired,
-                specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId);
-        SearchCriteria<NetworkVO> additionalSearchCriteria = _networksDao.createSearchCriteria();
+        List<NetworkVO> networksToReturn = new ArrayList<NetworkVO>();
 
         if (isSystem == null || !isSystem) {
             if (!permittedAccounts.isEmpty()) {
                 if (Arrays.asList(Network.NetworkFilter.Account, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
                     //get account level networks
-                    additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC,
-                            getAccountSpecificNetworksSearchCriteria(sb, permittedAccounts, skipProjectNetworks));
+                    networksToReturn.addAll(listAccountSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts));
                 }
                 if (domainId != null && Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
                     //get domain level networks
-                    SearchCriteria<NetworkVO> domainLevelSC = getDomainLevelNetworksSearchCriteria(sb, domainId, false);
-                    if (domainLevelSC != null) {
-                        additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, domainLevelSC);
-                    }
+                    networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, domainId, false));
                 }
                 if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) {
                     // get shared networks
-                    SearchCriteria<NetworkVO> sharedNetworksSC = getSharedNetworksSearchCriteria(sb, permittedAccounts);
-                    if (sharedNetworksSC != null) {
-                        additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, sharedNetworksSC);
-                    }
+                    List<NetworkVO> sharedNetworks = listSharedNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts);
+                    addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks);
+
                 }
             } else {
                 if (Arrays.asList(Network.NetworkFilter.Account, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
                     //add account specific networks
-                    additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC,
-                            getAccountSpecificNetworksByDomainPathSearchCriteria(sb, path, isRecursive,
-                                    skipProjectNetworks));
+                    networksToReturn.addAll(listAccountSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive));
                 }
                 if (Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
                     //add domain specific networks of domain + parent domains
-                    SearchCriteria<NetworkVO> domainSpecificNetworksByDomainPathSC =
-                            getDomainSpecificNetworksByDomainPathSearchCriteria(sb, path, isRecursive);
-                    if (domainSpecificNetworksByDomainPathSC != null) {
-                        additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, domainSpecificNetworksByDomainPathSC);
-                    }
+                    networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive));
                     //add networks of subdomains
                     if (domainId == null) {
-                        SearchCriteria<NetworkVO> domainLevelSC = getDomainLevelNetworksSearchCriteria(sb, caller.getDomainId(), true);
-                        if (domainLevelSC != null) {
-                            additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, domainLevelSC);
-                        }
+                        networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, caller.getDomainId(), true));
                     }
                 }
                 if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) {
                     // get shared networks
-                    SearchCriteria<NetworkVO> sharedNetworksSC = getSharedNetworksByDomainPathSearchCriteria(sb, path, isRecursive);
-                    if (sharedNetworksSC != null) {
-                        additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, sharedNetworksSC);
-                    }
+                    List<NetworkVO> sharedNetworks = listSharedNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive);
+                    addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks);
                 }
             }
-            if (CollectionUtils.isNotEmpty(additionalSearchCriteria.getValues())) {
-                mainSearchCriteria.addAnd("id", SearchCriteria.Op.SC, additionalSearchCriteria);
-            }
         } else {
-            if (skipProjectNetworks) {
-                mainSearchCriteria.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
-            } else {
-                mainSearchCriteria.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
-            }
+            networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
+                    null, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter);
         }
-        Pair<List<NetworkVO>, Integer> result = _networksDao.searchAndCount(mainSearchCriteria, searchFilter);
-        List<NetworkVO> networksToReturn = result.first();
 
         if (supportedServicesStr != null && !supportedServicesStr.isEmpty() && !networksToReturn.isEmpty()) {
-            List<NetworkVO> supportedNetworks = new ArrayList<>();
-            Service[] supportedServices = new Service[supportedServicesStr.size()];
+            List<NetworkVO> supportedNetworks = new ArrayList<NetworkVO>();
+            Service[] suppportedServices = new Service[supportedServicesStr.size()];
             int i = 0;
             for (String supportedServiceStr : supportedServicesStr) {
                 Service service = Service.getService(supportedServiceStr);
                 if (service == null) {
                     throw new InvalidParameterValueException("Invalid service specified " + supportedServiceStr);
                 } else {
-                    supportedServices[i] = service;
+                    suppportedServices[i] = service;
                 }
                 i++;
             }
+
             for (NetworkVO network : networksToReturn) {
-                if (areServicesSupportedInNetwork(network.getId(), supportedServices)) {
+                if (areServicesSupportedInNetwork(network.getId(), suppportedServices)) {
                     supportedNetworks.add(network);
                 }
             }
+
             networksToReturn = supportedNetworks;
         }
 
         if (canUseForDeploy != null) {
-            List<NetworkVO> networksForDeploy = new ArrayList<>();
+            List<NetworkVO> networksForDeploy = new ArrayList<NetworkVO>();
             for (NetworkVO network : networksToReturn) {
                 if (_networkModel.canUseForDeploy(network) == canUseForDeploy) {
                     networksForDeploy.add(network);
                 }
             }
+
             networksToReturn = networksForDeploy;
         }
 
-        if (applyManualPagination) {
-            //Now apply pagination
-            List<? extends Network> wPagination = com.cloud.utils.StringUtils.applyPagination(networksToReturn, cmd.getStartIndex(), cmd.getPageSizeVal());
-            if (wPagination != null) {
-                Pair<List<? extends Network>, Integer> listWPagination = new Pair<>(wPagination, networksToReturn.size());
-                return listWPagination;
-            }
-            return new Pair<>(networksToReturn, networksToReturn.size());
+        //Now apply pagination
+        List<? extends Network> wPagination = com.cloud.utils.StringUtils.applyPagination(networksToReturn, cmd.getStartIndex(), cmd.getPageSizeVal());
+        if (wPagination != null) {
+            Pair<List<? extends Network>, Integer> listWPagination = new Pair<List<? extends Network>, Integer>(wPagination, networksToReturn.size());
+            return listWPagination;
         }
 
-        return new Pair<>(result.first(), result.second());
+        return new Pair<List<? extends Network>, Integer>(networksToReturn, networksToReturn.size());
     }
 
-    private SearchCriteria<NetworkVO> createNetworkSearchCriteria(SearchBuilder<NetworkVO> sb, String keyword, Long id,
-                                                                 Boolean isSystem, Long zoneId, String guestIpType, String trafficType, Long physicalNetworkId,
-                                                                 Long networkOfferingId, String aclType, Boolean restartRequired,
-                                                                 Boolean specifyIpRanges, Long vpcId, Map<String, String> tags, Boolean display, String vlanId, Long associatedNetworkId) {
+    private void addNetworksToReturnIfNotExist(final List<NetworkVO> networksToReturn, final List<NetworkVO> sharedNetworks) {
+        Set<Long> networkIds = networksToReturn.stream()
+                .map(NetworkVO::getId)
+                .collect(Collectors.toSet());
+        List<NetworkVO> sharedNetworksToReturn = sharedNetworks.stream()
+                .filter(network -> ! networkIds.contains(network.getId()))
+                .collect(Collectors.toList());
+        networksToReturn.addAll(sharedNetworksToReturn);
+    }
+
+    private SearchCriteria<NetworkVO> buildNetworkSearchCriteria(SearchBuilder<NetworkVO> sb, String keyword, Long id,
+            Boolean isSystem, Long zoneId, String guestIpType, String trafficType, Long physicalNetworkId,
+            Long networkOfferingId, String aclType, boolean skipProjectNetworks, Boolean restartRequired,
+            Boolean specifyIpRanges, Long vpcId, Map<String, String> tags, Boolean display, String vlanId, Long associatedNetworkId) {
 
         SearchCriteria<NetworkVO> sc = sb.create();
 
@@ -2503,6 +2485,12 @@ private SearchCriteria<NetworkVO> createNetworkSearchCriteria(SearchBuilder<Netw
             sc.addAnd("physicalNetworkId", SearchCriteria.Op.EQ, physicalNetworkId);
         }
 
+        if (skipProjectNetworks) {
+            sc.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
+        } else {
+            sc.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
+        }
+
         if (restartRequired != null) {
             sc.addAnd("restartRequired", SearchCriteria.Op.EQ, restartRequired);
         }
@@ -2543,8 +2531,8 @@ private SearchCriteria<NetworkVO> createNetworkSearchCriteria(SearchBuilder<Netw
         return sc;
     }
 
-    private SearchCriteria<NetworkVO> getDomainLevelNetworksSearchCriteria(SearchBuilder<NetworkVO> sb, long domainId, boolean parentDomainsOnly) {
-        List<Long> networkIds = new ArrayList<>();
+    private List<NetworkVO> listDomainLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, long domainId, boolean parentDomainsOnly) {
+        List<Long> networkIds = new ArrayList<Long>();
         Set<Long> allowedDomains = _domainMgr.getDomainParentIds(domainId);
         List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
 
@@ -2559,55 +2547,48 @@ private SearchCriteria<NetworkVO> getDomainLevelNetworksSearchCriteria(SearchBui
         }
 
         if (!networkIds.isEmpty()) {
-            SearchCriteria<NetworkVO> domainSC = sb.create();
-            domainSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
+            SearchCriteria<NetworkVO> domainSC = _networksDao.createSearchCriteria();
             domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray());
             domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
-            return domainSC;
-        }
-        return null;
-    }
 
-    private SearchCriteria<NetworkVO> getAccountSpecificNetworksSearchCriteria(SearchBuilder<NetworkVO> sb,
-           List<Long> permittedAccounts, boolean skipProjectNetworks) {
-        SearchCriteria<NetworkVO> accountSC = sb.create();
-        if (skipProjectNetworks) {
-            accountSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
+            sc.addAnd("id", SearchCriteria.Op.SC, domainSC);
+            return _networksDao.search(sc, searchFilter);
         } else {
-            accountSC.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
+            return new ArrayList<NetworkVO>();
         }
+    }
+
+    private List<NetworkVO> listAccountSpecificNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, List<Long> permittedAccounts) {
+        SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
         if (!permittedAccounts.isEmpty()) {
             accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());
         }
+
         accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString());
-        return accountSC;
+
+        sc.addAnd("id", SearchCriteria.Op.SC, accountSC);
+        return _networksDao.search(sc, searchFilter);
     }
 
-    private SearchCriteria<NetworkVO> getAccountSpecificNetworksByDomainPathSearchCriteria(SearchBuilder<NetworkVO> sb,
-           String path, boolean isRecursive, boolean skipProjectNetworks) {
-        SearchCriteria<NetworkVO> accountSC = sb.create();
-        if (skipProjectNetworks) {
-            accountSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
-        } else {
-            accountSC.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
-        }
+    private List<NetworkVO> listAccountSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
+        SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
         accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString());
 
         if (path != null) {
             if (isRecursive) {
-                accountSC.setJoinParameters("domainSearch", "path", path + "%");
+                sc.setJoinParameters("domainSearch", "path", path + "%");
             } else {
-                accountSC.setJoinParameters("domainSearch", "path", path);
+                sc.setJoinParameters("domainSearch", "path", path);
             }
         }
 
-        return accountSC;
+        sc.addAnd("id", SearchCriteria.Op.SC, accountSC);
+        return _networksDao.search(sc, searchFilter);
     }
 
-    private SearchCriteria<NetworkVO> getDomainSpecificNetworksByDomainPathSearchCriteria(SearchBuilder<NetworkVO> sb,
-            String path, boolean isRecursive) {
+    private List<NetworkVO> listDomainSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
 
-        Set<Long> allowedDomains = new HashSet<>();
+        Set<Long> allowedDomains = new HashSet<Long>();
         if (path != null) {
             if (isRecursive) {
                 allowedDomains = _domainMgr.getDomainChildrenIds(path);
@@ -2617,7 +2598,7 @@ private SearchCriteria<NetworkVO> getDomainSpecificNetworksByDomainPathSearchCri
             }
         }
 
-        List<Long> networkIds = new ArrayList<>();
+        List<Long> networkIds = new ArrayList<Long>();
 
         List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
 
@@ -2626,28 +2607,30 @@ private SearchCriteria<NetworkVO> getDomainSpecificNetworksByDomainPathSearchCri
         }
 
         if (!networkIds.isEmpty()) {
-            SearchCriteria<NetworkVO> domainSC = sb.create();
-            domainSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
+            SearchCriteria<NetworkVO> domainSC = _networksDao.createSearchCriteria();
             domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray());
             domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
-            return domainSC;
+
+            sc.addAnd("id", SearchCriteria.Op.SC, domainSC);
+            return _networksDao.search(sc, searchFilter);
+        } else {
+            return new ArrayList<NetworkVO>();
         }
-        return null;
     }
 
-    private SearchCriteria<NetworkVO> getSharedNetworksSearchCriteria(SearchBuilder<NetworkVO> sb, List<Long> permittedAccounts) {
+    private List<NetworkVO> listSharedNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, List<Long> permittedAccounts) {
         List<Long> sharedNetworkIds = _networkPermissionDao.listPermittedNetworkIdsByAccounts(permittedAccounts);
         if (!sharedNetworkIds.isEmpty()) {
-            SearchCriteria<NetworkVO> ssc = sb.create();
-            ssc.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
+            SearchCriteria<NetworkVO> ssc = _networksDao.createSearchCriteria();
             ssc.addAnd("id", SearchCriteria.Op.IN, sharedNetworkIds.toArray());
-            return ssc;
+            sc.addAnd("id", SearchCriteria.Op.SC, ssc);
+            return _networksDao.search(sc, searchFilter);
         }
-        return null;
+        return new ArrayList<NetworkVO>();
     }
 
-    private SearchCriteria<NetworkVO> getSharedNetworksByDomainPathSearchCriteria(SearchBuilder<NetworkVO> sb, String path, boolean isRecursive) {
-        Set<Long> allowedDomains = new HashSet<>();
+    private List<NetworkVO> listSharedNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
+        Set<Long> allowedDomains = new HashSet<Long>();
         if (path != null) {
             if (isRecursive) {
                 allowedDomains = _domainMgr.getDomainChildrenIds(path);
@@ -2669,13 +2652,13 @@ private SearchCriteria<NetworkVO> getSharedNetworksByDomainPathSearchCriteria(Se
 
             List<Long> sharedNetworkIds = _networkPermissionDao.listPermittedNetworkIdsByAccounts(allowedAccountsList);
             if (!sharedNetworkIds.isEmpty()) {
-                SearchCriteria<NetworkVO> ssc = sb.create();
-                ssc.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
+                SearchCriteria<NetworkVO> ssc = _networksDao.createSearchCriteria();
                 ssc.addAnd("id", SearchCriteria.Op.IN, sharedNetworkIds.toArray());
-                return ssc;
+                sc.addAnd("id", SearchCriteria.Op.SC, ssc);
+                return _networksDao.search(sc, searchFilter);
             }
         }
-        return null;
+        return new ArrayList<NetworkVO>();
     }
 
     @Override
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
index 3eed429ed215..0a0d9265ac48 100644
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -2744,7 +2744,9 @@ public Map<String, String> getKeys(Long userId) {
             throw new InvalidParameterValueException("Unable to find user by id");
         }
         final ControlledEntity account = getAccount(getUserAccountById(userId).getAccountId()); //Extracting the Account from the userID of the requested user.
-        checkAccess(CallContext.current().getCallingUser(), account);
+        User caller = CallContext.current().getCallingUser();
+        preventRootDomainAdminAccessToRootAdminKeys(caller, account);
+        checkAccess(caller, account);
 
         Map<String, String> keys = new HashMap<String, String>();
         keys.put("apikey", user.getApiKey());
@@ -2753,6 +2755,19 @@ public Map<String, String> getKeys(Long userId) {
         return keys;
     }
 
+    protected void preventRootDomainAdminAccessToRootAdminKeys(User caller, ControlledEntity account) {
+        if (isDomainAdminForRootDomain(caller) && isRootAdmin(account.getAccountId())) {
+            String msg = String.format("Caller Username %s does not have access to root admin keys", caller.getUsername());
+            s_logger.error(msg);
+            throw new PermissionDeniedException(msg);
+        }
+    }
+
+    protected boolean isDomainAdminForRootDomain(User callingUser) {
+        AccountVO caller = _accountDao.findById(callingUser.getAccountId());
+        return caller.getType() == Account.Type.DOMAIN_ADMIN && caller.getDomainId() == Domain.ROOT_DOMAIN;
+    }
+
     @Override
     public List<UserTwoFactorAuthenticator> listUserTwoFactorAuthenticationProviders() {
         return userTwoFactorAuthenticationProviders;
@@ -2787,6 +2802,7 @@ public String[] createApiKeyAndSecretKey(RegisterCmd cmd) {
         }
 
         Account account = _accountDao.findById(user.getAccountId());
+        preventRootDomainAdminAccessToRootAdminKeys(user, account);
         checkAccess(caller, null, true, account);
 
         // don't allow updating system user
diff --git a/server/src/test/java/com/cloud/acl/DomainCheckerTest.java b/server/src/test/java/com/cloud/acl/DomainCheckerTest.java
new file mode 100644
index 000000000000..a5ec41306d85
--- /dev/null
+++ b/server/src/test/java/com/cloud/acl/DomainCheckerTest.java
@@ -0,0 +1,166 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.acl;
+
+import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.projects.ProjectManager;
+import com.cloud.user.Account;
+import com.cloud.user.AccountService;
+import com.cloud.user.AccountVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.utils.Ternary;
+
+@RunWith(MockitoJUnitRunner.class)
+public class DomainCheckerTest {
+
+    @Mock
+    AccountService _accountService;
+    @Mock
+    AccountDao _accountDao;
+    @Mock
+    DomainDao _domainDao;
+    @Mock
+    ProjectManager _projectMgr;
+
+    @Spy
+    @InjectMocks
+    DomainChecker domainChecker;
+
+    private ControlledEntity getMockedEntity(long accountId) {
+        ControlledEntity entity = Mockito.mock(Account.class);
+        Mockito.when(entity.getAccountId()).thenReturn(accountId);
+        Mockito.when(entity.getEntityType()).thenReturn((Class)Account.class);
+        return entity;
+    }
+
+    @Test
+    public void testRootAdminHasAccess() {
+        Account rootAdmin = Mockito.mock(Account.class);
+        Mockito.when(rootAdmin.getId()).thenReturn(1L);
+        ControlledEntity entity = getMockedEntity(2L);
+        Mockito.when(_accountService.isRootAdmin(rootAdmin.getId())).thenReturn(true);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(rootAdmin, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test
+    public void testCallerIsOwner() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(1L);
+        ControlledEntity entity = getMockedEntity(1L);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testOwnerNotFound() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(1L);
+        ControlledEntity entity = getMockedEntity(2L);
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(null);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test
+    public void testDomainAdminHasAccess() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(1L);
+        Mockito.when(caller.getDomainId()).thenReturn(100L);
+        Mockito.when(caller.getType()).thenReturn(Account.Type.DOMAIN_ADMIN);
+        ControlledEntity entity = getMockedEntity(2L);
+        AccountVO owner = Mockito.mock(AccountVO.class);
+        Mockito.when(owner.getDomainId()).thenReturn(101L);
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(owner);
+        Mockito.when(_domainDao.isChildDomain(100L, 101L)).thenReturn(true);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    private Ternary<Account, ControlledEntity, AccountVO> getProjectAccessCheckResources() {
+        Account caller = Mockito.mock(Account.class);
+        Mockito.when(caller.getId()).thenReturn(100L);
+        Mockito.when(caller.getType()).thenReturn(Account.Type.PROJECT);
+        ControlledEntity entity = getMockedEntity(2L);
+        AccountVO projectAccount = Mockito.mock(AccountVO.class);
+        Mockito.when(projectAccount.getId()).thenReturn(2L);
+        Mockito.when(projectAccount.getType()).thenReturn(Account.Type.PROJECT);
+        return new Ternary<>(caller, entity, projectAccount);
+    }
+
+    @Test
+    public void testProjectOwnerCanModify() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canModifyProjectAccount(caller, projectAccount.getId())).thenReturn(true);
+        Mockito.doReturn(true).when(domainChecker).checkOperationPermitted(caller, entity);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testProjectOwnerCannotModify() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canModifyProjectAccount(caller, projectAccount.getId())).thenReturn(false);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ModifyProject);
+    }
+
+    @Test
+    public void testProjectOwnerCanAccess() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canAccessProjectAccount(caller, projectAccount.getId())).thenReturn(true);
+        Mockito.doReturn(true).when(domainChecker).checkOperationPermitted(caller, entity);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ListEntry);
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testProjectOwnerCannotAccess() {
+        Ternary<Account, ControlledEntity, AccountVO> resources = getProjectAccessCheckResources();
+        Account caller = resources.first();
+        ControlledEntity entity = resources.second();
+        AccountVO projectAccount = resources.third();
+        Mockito.when(_accountDao.findById(entity.getAccountId())).thenReturn(projectAccount);
+        Mockito.when(_projectMgr.canAccessProjectAccount(caller, projectAccount.getId())).thenReturn(false);
+
+        domainChecker.validateCallerHasAccessToEntityOwner(caller, entity, SecurityChecker.AccessType.ListEntry);
+    }
+
+}
diff --git a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
index 9014af523fdc..36fb1ca518a5 100644
--- a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
+++ b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
@@ -33,6 +33,7 @@
 import com.cloud.vm.UserVmVO;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.snapshot.VMSnapshotVO;
+import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd;
 import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
@@ -241,6 +242,63 @@ public void testgetUserCmd() {
         accountManagerImpl.getKeys(_listkeyscmd);
     }
 
+    @Test(expected = PermissionDeniedException.class)
+    public void testGetUserKeysCmdDomainAdminRootAdminUser() {
+        CallContext.register(callingUser, callingAccount);
+        Mockito.when(_listkeyscmd.getID()).thenReturn(2L);
+        Mockito.when(accountManagerImpl.getActiveUser(2L)).thenReturn(userVoMock);
+        Mockito.when(userAccountDaoMock.findById(2L)).thenReturn(userAccountVO);
+        Mockito.when(userAccountVO.getAccountId()).thenReturn(2L);
+        Mockito.when(userDetailsDaoMock.listDetailsKeyPairs(Mockito.anyLong())).thenReturn(null);
+
+        // Queried account - admin account
+        AccountVO adminAccountMock = Mockito.mock(AccountVO.class);
+        Mockito.when(adminAccountMock.getAccountId()).thenReturn(2L);
+        Mockito.when(_accountDao.findByIdIncludingRemoved(2L)).thenReturn(adminAccountMock);
+        Mockito.lenient().when(accountService.isRootAdmin(2L)).thenReturn(true);
+        Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class),
+                Mockito.nullable(ControlledEntity.class), Mockito.nullable(AccessType.class), Mockito.anyString())).thenReturn(true);
+
+        // Calling account is domain admin of the ROOT domain
+        Mockito.lenient().when(callingAccount.getType()).thenReturn(Account.Type.DOMAIN_ADMIN);
+        Mockito.lenient().when(callingAccount.getDomainId()).thenReturn(Domain.ROOT_DOMAIN);
+
+        Mockito.lenient().when(callingUser.getAccountId()).thenReturn(2L);
+        Mockito.lenient().when(_accountDao.findById(2L)).thenReturn(callingAccount);
+
+        Mockito.lenient().when(accountService.isDomainAdmin(Mockito.anyLong())).thenReturn(Boolean.TRUE);
+        Mockito.lenient().when(accountMock.getAccountId()).thenReturn(2L);
+
+        accountManagerImpl.getKeys(_listkeyscmd);
+    }
+
+    @Test
+    public void testPreventRootDomainAdminAccessToRootAdminKeysNormalUser() {
+        User user = Mockito.mock(User.class);
+        ControlledEntity entity = Mockito.mock(ControlledEntity.class);
+        Mockito.when(user.getAccountId()).thenReturn(1L);
+        AccountVO account = Mockito.mock(AccountVO.class);
+        Mockito.when(account.getType()).thenReturn(Account.Type.NORMAL);
+        Mockito.when(_accountDao.findById(1L)).thenReturn(account);
+        accountManagerImpl.preventRootDomainAdminAccessToRootAdminKeys(user, entity);
+        Mockito.verify(accountManagerImpl, Mockito.never()).isRootAdmin(Mockito.anyLong());
+    }
+
+    @Test(expected = PermissionDeniedException.class)
+    public void testPreventRootDomainAdminAccessToRootAdminKeysRootDomainAdminUser() {
+        User user = Mockito.mock(User.class);
+        ControlledEntity entity = Mockito.mock(ControlledEntity.class);
+        Mockito.when(user.getAccountId()).thenReturn(1L);
+        AccountVO account = Mockito.mock(AccountVO.class);
+        Mockito.when(account.getType()).thenReturn(Account.Type.DOMAIN_ADMIN);
+        Mockito.when(account.getDomainId()).thenReturn(Domain.ROOT_DOMAIN);
+        Mockito.when(_accountDao.findById(1L)).thenReturn(account);
+        Mockito.when(entity.getAccountId()).thenReturn(1L);
+        Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class),
+                Mockito.nullable(ControlledEntity.class), Mockito.nullable(AccessType.class), Mockito.anyString())).thenReturn(true);
+        accountManagerImpl.preventRootDomainAdminAccessToRootAdminKeys(user, entity);
+    }
+
     @Test
     public void updateUserTestTimeZoneAndEmailNull() {
         prepareMockAndExecuteUpdateUserTest(0);
diff --git a/test/integration/smoke/test_account_access.py b/test/integration/smoke/test_account_access.py
new file mode 100644
index 000000000000..97eeced63860
--- /dev/null
+++ b/test/integration/smoke/test_account_access.py
@@ -0,0 +1,198 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+""" BVT tests for Account User Access
+"""
+# Import Local Modules
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.lib.utils import *
+from marvin.lib.base import (Account,
+                             User,
+                             Domain)
+from marvin.lib.common import (get_domain)
+from marvin.cloudstackAPI import (getUserKeys)
+from marvin.cloudstackException import CloudstackAPIException
+from nose.plugins.attrib import attr
+
+_multiprocess_shared_ = True
+
+class TestAccountAccess(cloudstackTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        testClient = super(TestAccountAccess, cls).getClsTestClient()
+        cls.apiclient = testClient.getApiClient()
+        cls.services = testClient.getParsedTestDataConfig()
+        cls.hypervisor = testClient.getHypervisorInfo()
+        cls._cleanup = []
+
+        # Get Zone, Domain and templates
+        cls.domain = get_domain(cls.apiclient)
+
+        cls.domains = []
+        cls.domain_admins = {}
+        cls.domain_users = {}
+        cls.account_users = {}
+
+        domain_data = {
+            "name": "domain_1"
+        }
+        cls.domain_1 = Domain.create(
+            cls.apiclient,
+            domain_data,
+        )
+        cls._cleanup.append(cls.domain_1)
+        cls.domains.append(cls.domain_1)
+        domain_data["name"] = "domain_11"
+        cls.domain_11 = Domain.create(
+            cls.apiclient,
+            domain_data,
+            parentdomainid=cls.domain_1.id
+        )
+        cls._cleanup.append(cls.domain_11)
+        cls.domains.append(cls.domain_11)
+        domain_data["name"] = "domain_12"
+        cls.domain_12 = Domain.create(
+            cls.apiclient,
+            domain_data,
+            parentdomainid=cls.domain_1.id
+        )
+        cls._cleanup.append(cls.domain_12)
+        cls.domains.append(cls.domain_12)
+        domain_data["name"] = "domain_2"
+        cls.domain_2 = Domain.create(
+            cls.apiclient,
+            domain_data,
+        )
+        cls._cleanup.append(cls.domain_2)
+        cls.domains.append(cls.domain_2)
+
+
+        for d in cls.domains:
+            cls.create_domainadmin_and_user(d)
+
+    @classmethod
+    def tearDownClass(cls):
+        super(TestAccountAccess, cls).tearDownClass()
+
+    @classmethod
+    def create_account(cls, domain, is_admin):
+        cls.debug(f"Creating account for domain {domain.name}, admin: {is_admin}")
+        data = {
+            "email": "admin-" + domain.name + "@test.com",
+            "firstname": "Admin",
+            "lastname": domain.name,
+            "username": "admin-" + domain.name,
+            "password": "password"
+        }
+        if is_admin == False:
+            data["email"] = "user-" + domain.name + "@test.com"
+            data["firstname"] = "User"
+            data["username"] = "user-" + domain.name
+        account = Account.create(
+            cls.apiclient,
+            data,
+            admin=is_admin,
+            domainid=domain.id
+        )
+        cls._cleanup.append(account)
+        if is_admin == True:
+            cls.domain_admins[domain.id] = account
+        else:
+            cls.domain_users[domain.id] = account
+
+        user = User.create(
+            cls.apiclient,
+            data,
+            account=account.name,
+            domainid=account.domainid)
+        cls._cleanup.append(user)
+        cls.account_users[account.id] = user
+
+    @classmethod
+    def create_domainadmin_and_user(cls, domain):
+        cls.debug(f"Creating accounts for domain #{domain.id} {domain.name}")
+        cls.create_account(domain, True)
+        cls.create_account(domain, False)
+
+    def get_user_keys(self, api_client, user_id):
+        getUserKeysCmd = getUserKeys.getUserKeysCmd()
+        getUserKeysCmd.id = user_id
+        return api_client.getUserKeys(getUserKeysCmd)
+
+    def is_child_domain(self, parent_domain, child_domain):
+        if not parent_domain or not child_domain:
+            return False
+        parent_domain_prefix = parent_domain.split('-')[0]
+        child_domain_prefix = child_domain.split('-')[0]
+        if not parent_domain_prefix or not child_domain_prefix:
+            return False
+        return child_domain_prefix.startswith(parent_domain_prefix)
+
+
+    @attr(tags=["advanced", "advancedns", "smoke", "sg"], required_hardware="false")
+    def test_01_user_access(self):
+        """
+        Test user account is not accessing any other account
+        """
+
+        domain_user_accounts = [value for value in self.domain_users.values()]
+        all_account_users = [value for value in self.account_users.values()]
+        for user_account in domain_user_accounts:
+            current_account_user = self.account_users[user_account.id]
+            self.debug(f"Check for account {user_account.name} with user {current_account_user.username}")
+            user_api_client = self.testClient.getUserApiClient(
+                UserName=user_account.name,
+                DomainName=user_account.domain
+            )
+            for user in all_account_users:
+                self.debug(f"Checking access for user {user.username} associated with account {user.account}")
+                try:
+                    self.get_user_keys(user_api_client, user.id)
+                    self.debug(f"API successful")
+                    if user.id != current_account_user.id:
+                        self.fail(f"User account #{user_account.id} was able to access another account #{user.id}")
+                except CloudstackAPIException as e:
+                    self.debug(f"Exception occurred: {e}")
+                    if user.id == current_account_user.id:
+                        self.fail(f"User account #{user_account.id} not able to access own account")
+
+    @attr(tags=["advanced", "advancedns", "smoke", "sg"], required_hardware="false")
+    def test_02_domain_admin_access(self):
+        """
+        Test domain admin account is not accessing any other account from unauthorized domain
+        """
+
+        domain_admin_accounts = [value for value in self.domain_admins.values()]
+        all_account_users = [value for value in self.account_users.values()]
+        for admin_account in domain_admin_accounts:
+            current_account_user = self.account_users[admin_account.id]
+            self.debug(f"Check for domain admin {admin_account.name} with user {current_account_user.username}, {current_account_user.domain}")
+            admin_api_client = self.testClient.getUserApiClient(
+                UserName=admin_account.name,
+                DomainName=admin_account.domain
+            )
+            for user in all_account_users:
+                self.debug(f"Checking access for user {user.username}, {user.domain} associated with account {user.account}")
+                try:
+                    self.get_user_keys(admin_api_client, user.id)
+                    self.debug(f"API successful")
+                    if self.is_child_domain(current_account_user.domain, user.domain) == False:
+                        self.fail(f"User account #{admin_account.id} was able to access another account #{user.id}")
+                except CloudstackAPIException as e:
+                    self.debug(f"Exception occurred: {e}")
+                    if self.is_child_domain(current_account_user.domain, user.domain) == True:
+                        self.fail(f"User account #{admin_account.id} not able to access own account")
diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
index bdaa2eefde6b..9bc80afae080 100644
--- a/ui/src/views/compute/KubernetesServiceTab.vue
+++ b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -402,6 +402,7 @@ export default {
           if (this.arrayHasItems(networks)) {
             this.network = networks[0]
           }
+          resolve(this.network)
         })
         this.networkLoading = false
       })

From 4ea342cad3db3bb6cf4758000c9575d1675105bf Mon Sep 17 00:00:00 2001
From: nvazquez <nicovazquez90@gmail.com>
Date: Fri, 2 Aug 2024 17:31:16 -0300
Subject: [PATCH 08/24] Updating pom.xml version numbers for release 4.19.1.1

Signed-off-by: nvazquez <nicovazquez90@gmail.com>
---
 agent/pom.xml                                               | 2 +-
 api/pom.xml                                                 | 2 +-
 client/pom.xml                                              | 2 +-
 core/pom.xml                                                | 2 +-
 debian/changelog                                            | 6 ++++++
 developer/pom.xml                                           | 2 +-
 engine/api/pom.xml                                          | 2 +-
 engine/components-api/pom.xml                               | 2 +-
 engine/orchestration/pom.xml                                | 2 +-
 engine/pom.xml                                              | 2 +-
 engine/schema/pom.xml                                       | 2 +-
 engine/service/pom.xml                                      | 2 +-
 engine/storage/cache/pom.xml                                | 2 +-
 engine/storage/configdrive/pom.xml                          | 2 +-
 engine/storage/datamotion/pom.xml                           | 2 +-
 engine/storage/image/pom.xml                                | 2 +-
 engine/storage/integration-test/pom.xml                     | 2 +-
 engine/storage/object/pom.xml                               | 2 +-
 engine/storage/pom.xml                                      | 2 +-
 engine/storage/snapshot/pom.xml                             | 2 +-
 engine/storage/volume/pom.xml                               | 2 +-
 engine/userdata/cloud-init/pom.xml                          | 2 +-
 engine/userdata/pom.xml                                     | 2 +-
 framework/agent-lb/pom.xml                                  | 2 +-
 framework/ca/pom.xml                                        | 2 +-
 framework/cluster/pom.xml                                   | 2 +-
 framework/config/pom.xml                                    | 2 +-
 framework/db/pom.xml                                        | 2 +-
 framework/direct-download/pom.xml                           | 2 +-
 framework/events/pom.xml                                    | 2 +-
 framework/ipc/pom.xml                                       | 2 +-
 framework/jobs/pom.xml                                      | 2 +-
 framework/managed-context/pom.xml                           | 2 +-
 framework/pom.xml                                           | 2 +-
 framework/quota/pom.xml                                     | 2 +-
 framework/rest/pom.xml                                      | 2 +-
 framework/security/pom.xml                                  | 2 +-
 framework/spring/lifecycle/pom.xml                          | 2 +-
 framework/spring/module/pom.xml                             | 2 +-
 plugins/acl/dynamic-role-based/pom.xml                      | 2 +-
 plugins/acl/project-role-based/pom.xml                      | 2 +-
 plugins/acl/static-role-based/pom.xml                       | 2 +-
 .../affinity-group-processors/explicit-dedication/pom.xml   | 2 +-
 plugins/affinity-group-processors/host-affinity/pom.xml     | 2 +-
 .../affinity-group-processors/host-anti-affinity/pom.xml    | 2 +-
 .../non-strict-host-affinity/pom.xml                        | 2 +-
 .../non-strict-host-anti-affinity/pom.xml                   | 2 +-
 plugins/alert-handlers/snmp-alerts/pom.xml                  | 2 +-
 plugins/alert-handlers/syslog-alerts/pom.xml                | 2 +-
 plugins/api/discovery/pom.xml                               | 2 +-
 plugins/api/rate-limit/pom.xml                              | 2 +-
 plugins/api/solidfire-intg-test/pom.xml                     | 2 +-
 plugins/api/vmware-sioc/pom.xml                             | 2 +-
 plugins/backup/dummy/pom.xml                                | 2 +-
 plugins/backup/networker/pom.xml                            | 2 +-
 plugins/backup/veeam/pom.xml                                | 2 +-
 plugins/ca/root-ca/pom.xml                                  | 2 +-
 plugins/database/mysql-ha/pom.xml                           | 2 +-
 plugins/database/quota/pom.xml                              | 2 +-
 plugins/dedicated-resources/pom.xml                         | 2 +-
 plugins/deployment-planners/implicit-dedication/pom.xml     | 2 +-
 plugins/deployment-planners/user-concentrated-pod/pom.xml   | 2 +-
 plugins/deployment-planners/user-dispersing/pom.xml         | 2 +-
 plugins/drs/cluster/balanced/pom.xml                        | 2 +-
 plugins/drs/cluster/condensed/pom.xml                       | 2 +-
 plugins/event-bus/inmemory/pom.xml                          | 2 +-
 plugins/event-bus/kafka/pom.xml                             | 2 +-
 plugins/event-bus/rabbitmq/pom.xml                          | 2 +-
 plugins/ha-planners/skip-heurestics/pom.xml                 | 2 +-
 plugins/host-allocators/random/pom.xml                      | 2 +-
 plugins/hypervisors/baremetal/pom.xml                       | 2 +-
 plugins/hypervisors/hyperv/pom.xml                          | 2 +-
 plugins/hypervisors/kvm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm3/pom.xml                            | 2 +-
 plugins/hypervisors/simulator/pom.xml                       | 2 +-
 plugins/hypervisors/ucs/pom.xml                             | 2 +-
 plugins/hypervisors/vmware/pom.xml                          | 2 +-
 plugins/hypervisors/xenserver/pom.xml                       | 2 +-
 plugins/integrations/cloudian/pom.xml                       | 2 +-
 plugins/integrations/kubernetes-service/pom.xml             | 2 +-
 plugins/integrations/prometheus/pom.xml                     | 2 +-
 plugins/metrics/pom.xml                                     | 2 +-
 plugins/network-elements/bigswitch/pom.xml                  | 2 +-
 plugins/network-elements/brocade-vcs/pom.xml                | 2 +-
 plugins/network-elements/cisco-vnmc/pom.xml                 | 2 +-
 plugins/network-elements/dns-notifier/pom.xml               | 2 +-
 plugins/network-elements/elastic-loadbalancer/pom.xml       | 2 +-
 plugins/network-elements/globodns/pom.xml                   | 2 +-
 plugins/network-elements/internal-loadbalancer/pom.xml      | 2 +-
 plugins/network-elements/juniper-contrail/pom.xml           | 2 +-
 plugins/network-elements/netscaler/pom.xml                  | 2 +-
 plugins/network-elements/nicira-nvp/pom.xml                 | 2 +-
 plugins/network-elements/opendaylight/pom.xml               | 2 +-
 plugins/network-elements/ovs/pom.xml                        | 2 +-
 plugins/network-elements/palo-alto/pom.xml                  | 2 +-
 plugins/network-elements/stratosphere-ssp/pom.xml           | 2 +-
 plugins/network-elements/tungsten/pom.xml                   | 2 +-
 plugins/network-elements/vxlan/pom.xml                      | 2 +-
 plugins/outofbandmanagement-drivers/ipmitool/pom.xml        | 2 +-
 .../outofbandmanagement-drivers/nested-cloudstack/pom.xml   | 2 +-
 plugins/outofbandmanagement-drivers/redfish/pom.xml         | 2 +-
 plugins/pom.xml                                             | 2 +-
 plugins/shutdown/pom.xml                                    | 2 +-
 plugins/storage-allocators/random/pom.xml                   | 2 +-
 plugins/storage/image/default/pom.xml                       | 2 +-
 plugins/storage/image/s3/pom.xml                            | 2 +-
 plugins/storage/image/sample/pom.xml                        | 2 +-
 plugins/storage/image/swift/pom.xml                         | 2 +-
 plugins/storage/object/minio/pom.xml                        | 2 +-
 plugins/storage/object/simulator/pom.xml                    | 2 +-
 plugins/storage/volume/adaptive/pom.xml                     | 2 +-
 plugins/storage/volume/cloudbyte/pom.xml                    | 2 +-
 plugins/storage/volume/datera/pom.xml                       | 2 +-
 plugins/storage/volume/default/pom.xml                      | 2 +-
 plugins/storage/volume/flasharray/pom.xml                   | 2 +-
 plugins/storage/volume/linstor/pom.xml                      | 2 +-
 plugins/storage/volume/nexenta/pom.xml                      | 2 +-
 plugins/storage/volume/primera/pom.xml                      | 2 +-
 plugins/storage/volume/sample/pom.xml                       | 2 +-
 plugins/storage/volume/scaleio/pom.xml                      | 2 +-
 plugins/storage/volume/solidfire/pom.xml                    | 2 +-
 plugins/storage/volume/storpool/pom.xml                     | 2 +-
 plugins/user-authenticators/ldap/pom.xml                    | 2 +-
 plugins/user-authenticators/md5/pom.xml                     | 2 +-
 plugins/user-authenticators/oauth2/pom.xml                  | 2 +-
 plugins/user-authenticators/pbkdf2/pom.xml                  | 2 +-
 plugins/user-authenticators/plain-text/pom.xml              | 2 +-
 plugins/user-authenticators/saml2/pom.xml                   | 2 +-
 plugins/user-authenticators/sha256salted/pom.xml            | 2 +-
 plugins/user-two-factor-authenticators/static-pin/pom.xml   | 2 +-
 plugins/user-two-factor-authenticators/totp/pom.xml         | 2 +-
 pom.xml                                                     | 2 +-
 quickcloud/pom.xml                                          | 2 +-
 server/pom.xml                                              | 2 +-
 services/console-proxy/pom.xml                              | 2 +-
 services/console-proxy/rdpconsole/pom.xml                   | 2 +-
 services/console-proxy/server/pom.xml                       | 2 +-
 services/pom.xml                                            | 2 +-
 services/secondary-storage/controller/pom.xml               | 2 +-
 services/secondary-storage/pom.xml                          | 2 +-
 services/secondary-storage/server/pom.xml                   | 2 +-
 systemvm/pom.xml                                            | 2 +-
 test/pom.xml                                                | 2 +-
 tools/apidoc/pom.xml                                        | 2 +-
 tools/checkstyle/pom.xml                                    | 2 +-
 tools/devcloud-kvm/pom.xml                                  | 2 +-
 tools/devcloud4/pom.xml                                     | 2 +-
 tools/marvin/pom.xml                                        | 2 +-
 tools/pom.xml                                               | 2 +-
 usage/pom.xml                                               | 2 +-
 utils/pom.xml                                               | 2 +-
 vmware-base/pom.xml                                         | 2 +-
 153 files changed, 158 insertions(+), 152 deletions(-)

diff --git a/agent/pom.xml b/agent/pom.xml
index ec478bad2693..25c032abf140 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/api/pom.xml b/api/pom.xml
index 13c0d269dc01..cdb4e802c2b6 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/client/pom.xml b/client/pom.xml
index 59c419f93b76..b50a5197bd9e 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <repositories>
         <repository>
diff --git a/core/pom.xml b/core/pom.xml
index 06b33a55ae41..31200bcadcd2 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/debian/changelog b/debian/changelog
index b04c2cb351bc..d6ac588cba6c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloudstack (4.19.1.1) unstable; urgency=low
+
+  * Update the version to 4.19.1.1
+
+ -- the Apache CloudStack project <dev@cloudstack.apache.org>  Fri, 02 Aug 2024 17:31:16 -0300
+
 cloudstack (4.19.1.0) unstable; urgency=low
 
   * Update the version to 4.19.1.0
diff --git a/developer/pom.xml b/developer/pom.xml
index 687d11e093ce..6cb64ff1feac 100644
--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/engine/api/pom.xml b/engine/api/pom.xml
index 2e3893d8578b..4ebed0e00be3 100644
--- a/engine/api/pom.xml
+++ b/engine/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml
index e4427ef0cca7..de5afd58ff02 100644
--- a/engine/components-api/pom.xml
+++ b/engine/components-api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml
index e1d6056c1bb0..f0ab03017d30 100755
--- a/engine/orchestration/pom.xml
+++ b/engine/orchestration/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/pom.xml b/engine/pom.xml
index dc738bd00740..eeb19798ec16 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index 46cdc12a017c..4d144ae8d914 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/service/pom.xml b/engine/service/pom.xml
index fd8f34d99611..acfedb5bd06a 100644
--- a/engine/service/pom.xml
+++ b/engine/service/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <artifactId>cloud-engine-service</artifactId>
     <packaging>war</packaging>
diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml
index c78f09004bd6..be1131d3bfee 100644
--- a/engine/storage/cache/pom.xml
+++ b/engine/storage/cache/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/configdrive/pom.xml b/engine/storage/configdrive/pom.xml
index d7a5a8695c02..1071fe5ea1a9 100644
--- a/engine/storage/configdrive/pom.xml
+++ b/engine/storage/configdrive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml
index 8ae90347b895..cbb9c66f6e8f 100644
--- a/engine/storage/datamotion/pom.xml
+++ b/engine/storage/datamotion/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml
index f6d97b46fcad..ff4afad22958 100644
--- a/engine/storage/image/pom.xml
+++ b/engine/storage/image/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml
index 47da53aa050c..1e1d52974885 100644
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/object/pom.xml b/engine/storage/object/pom.xml
index e76c9c1fbd1d..9d4982af5061 100644
--- a/engine/storage/object/pom.xml
+++ b/engine/storage/object/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml
index 39a141d057da..c98cfe4d297e 100644
--- a/engine/storage/pom.xml
+++ b/engine/storage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml
index ce1e14d4a419..d56fc91c85d1 100644
--- a/engine/storage/snapshot/pom.xml
+++ b/engine/storage/snapshot/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml
index fe9699aafa36..25f81e9f9260 100644
--- a/engine/storage/volume/pom.xml
+++ b/engine/storage/volume/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/userdata/cloud-init/pom.xml b/engine/userdata/cloud-init/pom.xml
index ff598bd6555c..9c2f92d411af 100644
--- a/engine/userdata/cloud-init/pom.xml
+++ b/engine/userdata/cloud-init/pom.xml
@@ -23,7 +23,7 @@
 <parent>
     <artifactId>cloud-engine</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.19.1.0</version>
+    <version>4.19.1.1</version>
     <relativePath>../../pom.xml</relativePath>
 </parent>
 <dependencies>
diff --git a/engine/userdata/pom.xml b/engine/userdata/pom.xml
index 2babb354c148..352a68738b75 100644
--- a/engine/userdata/pom.xml
+++ b/engine/userdata/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/agent-lb/pom.xml b/framework/agent-lb/pom.xml
index a5d9639d7880..a65e24e22809 100644
--- a/framework/agent-lb/pom.xml
+++ b/framework/agent-lb/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/ca/pom.xml b/framework/ca/pom.xml
index a0458eaa6043..e05c55ee65c8 100644
--- a/framework/ca/pom.xml
+++ b/framework/ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml
index 20f3069d27d2..1dc046cd63fa 100644
--- a/framework/cluster/pom.xml
+++ b/framework/cluster/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/config/pom.xml b/framework/config/pom.xml
index 1c90c9fd1042..4f30a6ed2ba7 100644
--- a/framework/config/pom.xml
+++ b/framework/config/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/db/pom.xml b/framework/db/pom.xml
index 5199eca03e5c..cc6b82787f3d 100644
--- a/framework/db/pom.xml
+++ b/framework/db/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/direct-download/pom.xml b/framework/direct-download/pom.xml
index 51c2ed4dde38..0bdefa91a4d7 100644
--- a/framework/direct-download/pom.xml
+++ b/framework/direct-download/pom.xml
@@ -32,7 +32,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/events/pom.xml b/framework/events/pom.xml
index def0f189dddf..73219ac1ec2b 100644
--- a/framework/events/pom.xml
+++ b/framework/events/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml
index 9e34bf0bc6d7..b9010371438c 100644
--- a/framework/ipc/pom.xml
+++ b/framework/ipc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml
index c74a0a723945..93690fd15053 100644
--- a/framework/jobs/pom.xml
+++ b/framework/jobs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml
index 3be67ecf0a1a..d40ed883df1f 100644
--- a/framework/managed-context/pom.xml
+++ b/framework/managed-context/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/pom.xml b/framework/pom.xml
index 792872efb462..7b8bf9f72ec9 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <build>
         <plugins>
diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml
index 84e119a44890..d4a325e94bcf 100644
--- a/framework/quota/pom.xml
+++ b/framework/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml
index 1429a46098a3..0119e20a2fd3 100644
--- a/framework/rest/pom.xml
+++ b/framework/rest/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-framework-rest</artifactId>
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
index c18bfaeb3b1e..80d596d7407e 100644
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml
index 5b614a87158b..673d93189079 100644
--- a/framework/spring/lifecycle/pom.xml
+++ b/framework/spring/lifecycle/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml
index 00e8a29b4dcc..2174116feb75 100644
--- a/framework/spring/module/pom.xml
+++ b/framework/spring/module/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/acl/dynamic-role-based/pom.xml b/plugins/acl/dynamic-role-based/pom.xml
index 5f78c31e3886..1bad1036409b 100644
--- a/plugins/acl/dynamic-role-based/pom.xml
+++ b/plugins/acl/dynamic-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/project-role-based/pom.xml b/plugins/acl/project-role-based/pom.xml
index 49d2ecd47b5f..3313467ac29c 100644
--- a/plugins/acl/project-role-based/pom.xml
+++ b/plugins/acl/project-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml
index fd0727f55eae..93f80b7c6dcd 100644
--- a/plugins/acl/static-role-based/pom.xml
+++ b/plugins/acl/static-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml
index 497a5810bafa..aaea68314a1c 100644
--- a/plugins/affinity-group-processors/explicit-dedication/pom.xml
+++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-affinity/pom.xml b/plugins/affinity-group-processors/host-affinity/pom.xml
index 25f57d9f424d..fd4dc6213953 100644
--- a/plugins/affinity-group-processors/host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
index ab51fd598e57..fe586e3eeffa 100644
--- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
index 9a9494bdc61f..344d57f9a4d4 100644
--- a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
index 261cf12fc3f8..cd86ae881175 100644
--- a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
@@ -32,7 +32,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml
index e2124a12e9e3..b1353e743b65 100644
--- a/plugins/alert-handlers/snmp-alerts/pom.xml
+++ b/plugins/alert-handlers/snmp-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml
index d0f3ff57a696..0c3976cc811b 100644
--- a/plugins/alert-handlers/syslog-alerts/pom.xml
+++ b/plugins/alert-handlers/syslog-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml
index fdb95168d1ba..088acb6523d1 100644
--- a/plugins/api/discovery/pom.xml
+++ b/plugins/api/discovery/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml
index 5abe676abf9b..4bddd771c0a7 100644
--- a/plugins/api/rate-limit/pom.xml
+++ b/plugins/api/rate-limit/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml
index 8e088c1b6fa1..c7e8cb677f5e 100644
--- a/plugins/api/solidfire-intg-test/pom.xml
+++ b/plugins/api/solidfire-intg-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/vmware-sioc/pom.xml b/plugins/api/vmware-sioc/pom.xml
index 4a63912c847d..1138903aea56 100644
--- a/plugins/api/vmware-sioc/pom.xml
+++ b/plugins/api/vmware-sioc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/dummy/pom.xml b/plugins/backup/dummy/pom.xml
index 1315504ee8bf..9c0f783f65ab 100644
--- a/plugins/backup/dummy/pom.xml
+++ b/plugins/backup/dummy/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/networker/pom.xml b/plugins/backup/networker/pom.xml
index df947ce6471a..43a229a0cc25 100644
--- a/plugins/backup/networker/pom.xml
+++ b/plugins/backup/networker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/veeam/pom.xml b/plugins/backup/veeam/pom.xml
index 20c346fdde17..6e3484e447e0 100644
--- a/plugins/backup/veeam/pom.xml
+++ b/plugins/backup/veeam/pom.xml
@@ -23,7 +23,7 @@
   <parent>
     <artifactId>cloudstack-plugins</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.19.1.0</version>
+    <version>4.19.1.1</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
 
diff --git a/plugins/ca/root-ca/pom.xml b/plugins/ca/root-ca/pom.xml
index 44df2ffa6f0b..749da5566eab 100644
--- a/plugins/ca/root-ca/pom.xml
+++ b/plugins/ca/root-ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml
index 3481a9db9d12..875a44fc5425 100644
--- a/plugins/database/mysql-ha/pom.xml
+++ b/plugins/database/mysql-ha/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml
index 24b8cd36a580..2f3410af2f7e 100644
--- a/plugins/database/quota/pom.xml
+++ b/plugins/database/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml
index 7d802a9c2d81..4a917c4a7f11 100644
--- a/plugins/dedicated-resources/pom.xml
+++ b/plugins/dedicated-resources/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml
index c963f0149412..cbd530a15da4 100644
--- a/plugins/deployment-planners/implicit-dedication/pom.xml
+++ b/plugins/deployment-planners/implicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml
index ef1afbae837d..065fe546b061 100644
--- a/plugins/deployment-planners/user-concentrated-pod/pom.xml
+++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml
index d042b3d39c57..deb6b51231a5 100644
--- a/plugins/deployment-planners/user-dispersing/pom.xml
+++ b/plugins/deployment-planners/user-dispersing/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/drs/cluster/balanced/pom.xml b/plugins/drs/cluster/balanced/pom.xml
index cbd2c1ac89cf..3aa5ed0467f3 100644
--- a/plugins/drs/cluster/balanced/pom.xml
+++ b/plugins/drs/cluster/balanced/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/drs/cluster/condensed/pom.xml b/plugins/drs/cluster/condensed/pom.xml
index dc55dc9ac720..094f75058d79 100644
--- a/plugins/drs/cluster/condensed/pom.xml
+++ b/plugins/drs/cluster/condensed/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml
index 1cffb07a662c..7b107eef6017 100644
--- a/plugins/event-bus/inmemory/pom.xml
+++ b/plugins/event-bus/inmemory/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml
index 9b39552a5187..f76693d27027 100644
--- a/plugins/event-bus/kafka/pom.xml
+++ b/plugins/event-bus/kafka/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml
index 6e9a8fc9da5b..e3e2d22f5063 100644
--- a/plugins/event-bus/rabbitmq/pom.xml
+++ b/plugins/event-bus/rabbitmq/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml
index 9c47f69005fc..54f753e19d10 100644
--- a/plugins/ha-planners/skip-heurestics/pom.xml
+++ b/plugins/ha-planners/skip-heurestics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml
index d8a1b0d74a68..71cecd962505 100644
--- a/plugins/host-allocators/random/pom.xml
+++ b/plugins/host-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml
index b4c769423ba4..7e595ee8fbd4 100755
--- a/plugins/hypervisors/baremetal/pom.xml
+++ b/plugins/hypervisors/baremetal/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-baremetal</artifactId>
diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml
index 0622aa0335af..e458f42002f9 100644
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml
index 5089a574ccab..8772e2067f7a 100644
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml
index e570e3105d92..071da377e8f5 100644
--- a/plugins/hypervisors/ovm/pom.xml
+++ b/plugins/hypervisors/ovm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml
index d02126585b58..93bed50f557b 100644
--- a/plugins/hypervisors/ovm3/pom.xml
+++ b/plugins/hypervisors/ovm3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml
index 8e32681db493..fb6d76360c79 100644
--- a/plugins/hypervisors/simulator/pom.xml
+++ b/plugins/hypervisors/simulator/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-simulator</artifactId>
diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml
index 05fa4cfdf469..715ff0badff1 100644
--- a/plugins/hypervisors/ucs/pom.xml
+++ b/plugins/hypervisors/ucs/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-ucs</artifactId>
diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml
index 3c528d969355..b8889cbffec1 100644
--- a/plugins/hypervisors/vmware/pom.xml
+++ b/plugins/hypervisors/vmware/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml
index be15709cb8d6..5e2006203380 100644
--- a/plugins/hypervisors/xenserver/pom.xml
+++ b/plugins/hypervisors/xenserver/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/cloudian/pom.xml b/plugins/integrations/cloudian/pom.xml
index 088e6ef306f0..901acb7abc76 100644
--- a/plugins/integrations/cloudian/pom.xml
+++ b/plugins/integrations/cloudian/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
index faf96bdc2402..bc6d3adfdfb2 100644
--- a/plugins/integrations/kubernetes-service/pom.xml
+++ b/plugins/integrations/kubernetes-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/prometheus/pom.xml b/plugins/integrations/prometheus/pom.xml
index e409958190ec..f9cad05ac6ef 100644
--- a/plugins/integrations/prometheus/pom.xml
+++ b/plugins/integrations/prometheus/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/metrics/pom.xml b/plugins/metrics/pom.xml
index 52867a0ae807..ac8fbe9e8154 100644
--- a/plugins/metrics/pom.xml
+++ b/plugins/metrics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml
index 2ca87b951d0e..88c661a906da 100644
--- a/plugins/network-elements/bigswitch/pom.xml
+++ b/plugins/network-elements/bigswitch/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml
index 2547b26e633e..96193a10575b 100644
--- a/plugins/network-elements/brocade-vcs/pom.xml
+++ b/plugins/network-elements/brocade-vcs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
index b5ca98a6438e..87b8bb5a5814 100644
--- a/plugins/network-elements/cisco-vnmc/pom.xml
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml
index bcf08ce151b5..0e0f8fe374cf 100644
--- a/plugins/network-elements/dns-notifier/pom.xml
+++ b/plugins/network-elements/dns-notifier/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-example-dns-notifier</artifactId>
diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml
index 7956e428ef9f..dec208cb8d82 100644
--- a/plugins/network-elements/elastic-loadbalancer/pom.xml
+++ b/plugins/network-elements/elastic-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml
index eaeb93fdeb0b..2d4e2e766a46 100644
--- a/plugins/network-elements/globodns/pom.xml
+++ b/plugins/network-elements/globodns/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml
index f9952efb3c53..6dafbb44b059 100644
--- a/plugins/network-elements/internal-loadbalancer/pom.xml
+++ b/plugins/network-elements/internal-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml
index 9efe981137be..7b623f1df82d 100644
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml
index 3329e6e3e689..8e87e3336eac 100644
--- a/plugins/network-elements/netscaler/pom.xml
+++ b/plugins/network-elements/netscaler/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml
index 1aac01bbc37d..2c6e4e7544f3 100644
--- a/plugins/network-elements/nicira-nvp/pom.xml
+++ b/plugins/network-elements/nicira-nvp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml
index 15e0b73170e8..16567f3fb184 100644
--- a/plugins/network-elements/opendaylight/pom.xml
+++ b/plugins/network-elements/opendaylight/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <profiles>
diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml
index c2c8862de120..1ba739869e48 100644
--- a/plugins/network-elements/ovs/pom.xml
+++ b/plugins/network-elements/ovs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
index 1c5cf968bc14..43cf93ad0431 100644
--- a/plugins/network-elements/palo-alto/pom.xml
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml
index b91dfaecbe5b..852591c771c9 100644
--- a/plugins/network-elements/stratosphere-ssp/pom.xml
+++ b/plugins/network-elements/stratosphere-ssp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/tungsten/pom.xml b/plugins/network-elements/tungsten/pom.xml
index a1fe498792cd..907063ca987e 100644
--- a/plugins/network-elements/tungsten/pom.xml
+++ b/plugins/network-elements/tungsten/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml
index b9319b1daf2e..b106aad623e3 100644
--- a/plugins/network-elements/vxlan/pom.xml
+++ b/plugins/network-elements/vxlan/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
index efc7c0dfd0cb..26a191a279ed 100644
--- a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
+++ b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
index a81b94ce5b9d..d90643d331d8 100644
--- a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
+++ b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/redfish/pom.xml b/plugins/outofbandmanagement-drivers/redfish/pom.xml
index 8e6ba9ba8b18..d4d1145d24e8 100644
--- a/plugins/outofbandmanagement-drivers/redfish/pom.xml
+++ b/plugins/outofbandmanagement-drivers/redfish/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 6232e8975690..48f79588eb5c 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <build>
         <plugins>
diff --git a/plugins/shutdown/pom.xml b/plugins/shutdown/pom.xml
index 6665707fae1f..b7ca2e40baca 100644
--- a/plugins/shutdown/pom.xml
+++ b/plugins/shutdown/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml
index 4af469ad3bba..2b62c6e5d3f3 100644
--- a/plugins/storage-allocators/random/pom.xml
+++ b/plugins/storage-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml
index 8ce7a58f3669..1925c870dfe2 100644
--- a/plugins/storage/image/default/pom.xml
+++ b/plugins/storage/image/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml
index 9be978209a6e..50c42978b1bd 100644
--- a/plugins/storage/image/s3/pom.xml
+++ b/plugins/storage/image/s3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml
index 7669c371d77c..ef728bf7c43e 100644
--- a/plugins/storage/image/sample/pom.xml
+++ b/plugins/storage/image/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml
index 57dff5581897..f8124f5ed9d0 100644
--- a/plugins/storage/image/swift/pom.xml
+++ b/plugins/storage/image/swift/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/object/minio/pom.xml b/plugins/storage/object/minio/pom.xml
index 3b992f151e2c..a0c803d2e709 100644
--- a/plugins/storage/object/minio/pom.xml
+++ b/plugins/storage/object/minio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/object/simulator/pom.xml b/plugins/storage/object/simulator/pom.xml
index 9a33cb4934dc..a8d83ee547e7 100644
--- a/plugins/storage/object/simulator/pom.xml
+++ b/plugins/storage/object/simulator/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/adaptive/pom.xml b/plugins/storage/volume/adaptive/pom.xml
index 5eb500561abb..e170a730c00c 100644
--- a/plugins/storage/volume/adaptive/pom.xml
+++ b/plugins/storage/volume/adaptive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml
index cbf8b030fe7c..1a2a667e0cf9 100644
--- a/plugins/storage/volume/cloudbyte/pom.xml
+++ b/plugins/storage/volume/cloudbyte/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/datera/pom.xml b/plugins/storage/volume/datera/pom.xml
index e78f959b18ca..f8563f9a8eee 100644
--- a/plugins/storage/volume/datera/pom.xml
+++ b/plugins/storage/volume/datera/pom.xml
@@ -16,7 +16,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack-plugins</artifactId>
-    <version>4.19.1.0</version>
+    <version>4.19.1.1</version>
     <relativePath>../../../pom.xml</relativePath>
   </parent>
   <dependencies>
diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml
index fca704cf7ce1..c5a7e5561b1c 100644
--- a/plugins/storage/volume/default/pom.xml
+++ b/plugins/storage/volume/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/flasharray/pom.xml b/plugins/storage/volume/flasharray/pom.xml
index 94de5cb04b93..56f034a954e6 100644
--- a/plugins/storage/volume/flasharray/pom.xml
+++ b/plugins/storage/volume/flasharray/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/linstor/pom.xml b/plugins/storage/volume/linstor/pom.xml
index c96bed7a2e01..7d1c157dc5e1 100644
--- a/plugins/storage/volume/linstor/pom.xml
+++ b/plugins/storage/volume/linstor/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml
index 1d9b68f6abb1..5b44b7087e33 100644
--- a/plugins/storage/volume/nexenta/pom.xml
+++ b/plugins/storage/volume/nexenta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/primera/pom.xml b/plugins/storage/volume/primera/pom.xml
index e0241905d6db..cb137fd74806 100644
--- a/plugins/storage/volume/primera/pom.xml
+++ b/plugins/storage/volume/primera/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml
index e9294cc89101..7208076858b0 100644
--- a/plugins/storage/volume/sample/pom.xml
+++ b/plugins/storage/volume/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/scaleio/pom.xml b/plugins/storage/volume/scaleio/pom.xml
index 28151354cb98..96264a2e91fb 100644
--- a/plugins/storage/volume/scaleio/pom.xml
+++ b/plugins/storage/volume/scaleio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml
index 1dc282a4c477..80f0d3aed3ad 100644
--- a/plugins/storage/volume/solidfire/pom.xml
+++ b/plugins/storage/volume/solidfire/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/storpool/pom.xml b/plugins/storage/volume/storpool/pom.xml
index 339af6f2529d..ef2cc3eba70b 100644
--- a/plugins/storage/volume/storpool/pom.xml
+++ b/plugins/storage/volume/storpool/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index 18dc3df0867f..fcffb84c9e71 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml
index 795959d31b26..69d39f1050af 100644
--- a/plugins/user-authenticators/md5/pom.xml
+++ b/plugins/user-authenticators/md5/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/oauth2/pom.xml b/plugins/user-authenticators/oauth2/pom.xml
index 9971a631fe1c..18f594166ed0 100644
--- a/plugins/user-authenticators/oauth2/pom.xml
+++ b/plugins/user-authenticators/oauth2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml
index eae26486f4b5..663f7eead609 100644
--- a/plugins/user-authenticators/pbkdf2/pom.xml
+++ b/plugins/user-authenticators/pbkdf2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml
index 2c5b605458b3..81a07c47de12 100644
--- a/plugins/user-authenticators/plain-text/pom.xml
+++ b/plugins/user-authenticators/plain-text/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index 5e70fc4730ce..8742800328a3 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml
index 6987f8442001..21d11ebb9884 100644
--- a/plugins/user-authenticators/sha256salted/pom.xml
+++ b/plugins/user-authenticators/sha256salted/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/static-pin/pom.xml b/plugins/user-two-factor-authenticators/static-pin/pom.xml
index e8a69d258a9c..f494d3898e3c 100644
--- a/plugins/user-two-factor-authenticators/static-pin/pom.xml
+++ b/plugins/user-two-factor-authenticators/static-pin/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/totp/pom.xml b/plugins/user-two-factor-authenticators/totp/pom.xml
index 1ceaff1efb69..b9093d6afab2 100644
--- a/plugins/user-two-factor-authenticators/totp/pom.xml
+++ b/plugins/user-two-factor-authenticators/totp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/pom.xml b/pom.xml
index e308180ef633..e3228e574a94 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.19.1.0</version>
+    <version>4.19.1.1</version>
     <packaging>pom</packaging>
     <name>Apache CloudStack</name>
     <description>Apache CloudStack is an IaaS ("Infrastructure as a Service") cloud orchestration platform.</description>
diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml
index 1e59f8c6b09d..7f81244db091 100644
--- a/quickcloud/pom.xml
+++ b/quickcloud/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/server/pom.xml b/server/pom.xml
index dc8dcf112d2e..09d8ee309c9e 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <repositories>
         <repository>
diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml
index df449c4a708f..02ee2921d2a9 100644
--- a/services/console-proxy/pom.xml
+++ b/services/console-proxy/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
index a6c1be7e2bbe..0d74b451474a 100644
--- a/services/console-proxy/rdpconsole/pom.xml
+++ b/services/console-proxy/rdpconsole/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml
index 76a836b2c293..48024431a8d1 100644
--- a/services/console-proxy/server/pom.xml
+++ b/services/console-proxy/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/pom.xml b/services/pom.xml
index 16622d9dec80..24169e8778df 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml
index 758d28e2d8fb..c0dfb9e79cab 100644
--- a/services/secondary-storage/controller/pom.xml
+++ b/services/secondary-storage/controller/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml
index a7f501efa5fd..a5a35c63c88d 100644
--- a/services/secondary-storage/pom.xml
+++ b/services/secondary-storage/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml
index f9095fd72133..fa6d40782a35 100644
--- a/services/secondary-storage/server/pom.xml
+++ b/services/secondary-storage/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/systemvm/pom.xml b/systemvm/pom.xml
index e3db354dd795..4d742ad7a009 100644
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/test/pom.xml b/test/pom.xml
index 976afc90ebcd..7a68fcdcef1f 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml
index 11af6486f4c1..20196a426146 100644
--- a/tools/apidoc/pom.xml
+++ b/tools/apidoc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml
index 727fbee89bd2..fa4122d0391b 100644
--- a/tools/checkstyle/pom.xml
+++ b/tools/checkstyle/pom.xml
@@ -22,7 +22,7 @@
     <name>Apache CloudStack Developer Tools - Checkstyle Configuration</name>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>checkstyle</artifactId>
-    <version>4.19.1.0</version>
+    <version>4.19.1.1</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml
index 42794d03504d..1fbb630eff85 100644
--- a/tools/devcloud-kvm/pom.xml
+++ b/tools/devcloud-kvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml
index 3b0e1e5031f9..d6ccfa14245d 100644
--- a/tools/devcloud4/pom.xml
+++ b/tools/devcloud4/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml
index 2efc4c3f373c..94adc211b51f 100644
--- a/tools/marvin/pom.xml
+++ b/tools/marvin/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/pom.xml b/tools/pom.xml
index 53ebb83c3d13..67ab345b527c 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/usage/pom.xml b/usage/pom.xml
index d33d2d7e92a4..cca3c59d49fb 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/utils/pom.xml b/utils/pom.xml
index 2505fa3593b4..8d3b6863c224 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml
index f37057d804fc..958a461ee40e 100644
--- a/vmware-base/pom.xml
+++ b/vmware-base/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.0</version>
+        <version>4.19.1.1</version>
     </parent>
     <dependencies>
         <dependency>

From 24d12f13277214d97666801452769324bb52cdbd Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 28 Aug 2024 15:22:29 +0200
Subject: [PATCH 09/24] Session Token Invalidation on Logout

---
 .../main/java/com/cloud/api/ApiServlet.java   | 27 ++++++++++---------
 ui/src/api/index.js                           |  1 -
 ui/src/store/modules/user.js                  | 11 ++++----
 3 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/server/src/main/java/com/cloud/api/ApiServlet.java b/server/src/main/java/com/cloud/api/ApiServlet.java
index f6f46419c049..e719238afef1 100644
--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -260,19 +260,22 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                     }
 
                     if (apiAuthenticator.getAPIType() == APIAuthenticationType.LOGOUT_API) {
-                        if (session != null) {
-                            final Long userId = (Long) session.getAttribute("userid");
-                            final Account account = (Account) session.getAttribute("accountobj");
-                            Long accountId = null;
-                            if (account != null) {
-                                accountId = account.getId();
-                            }
-                            auditTrailSb.insert(0, "(userId=" + userId + " accountId=" + accountId + " sessionId=" + session.getId() + ")");
-                            if (userId != null) {
-                                apiServer.logoutUser(userId);
-                            }
-                            invalidateHttpSession(session, "invalidating session after logout call");
+                        if (session == null) {
+                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Session not found for the logout process.");
                         }
+
+                        final Long userId = (Long) session.getAttribute("userid");
+                        final Account account = (Account) session.getAttribute("accountobj");
+                        Long accountId = null;
+                        if (account != null) {
+                            accountId = account.getId();
+                        }
+                        auditTrailSb.insert(0, "(userId=" + userId + " accountId=" + accountId + " sessionId=" + session.getId() + ")");
+                        if (userId != null) {
+                            apiServer.logoutUser(userId);
+                        }
+                        invalidateHttpSession(session, "invalidating session after logout call");
+
                         final Cookie[] cookies = req.getCookies();
                         if (cookies != null) {
                             for (final Cookie cookie : cookies) {
diff --git a/ui/src/api/index.js b/ui/src/api/index.js
index 5e4286289870..0d82a862528f 100644
--- a/ui/src/api/index.js
+++ b/ui/src/api/index.js
@@ -65,7 +65,6 @@ export function login (arg) {
 }
 
 export function logout () {
-  sourceToken.cancel()
   message.destroy()
   notification.destroy()
   return api('logout')
diff --git a/ui/src/store/modules/user.js b/ui/src/store/modules/user.js
index 3994a3fc29d7..706653641f5c 100644
--- a/ui/src/store/modules/user.js
+++ b/ui/src/store/modules/user.js
@@ -24,6 +24,7 @@ import router from '@/router'
 import store from '@/store'
 import { login, logout, api } from '@/api'
 import { i18n } from '@/locales'
+import { sourceToken } from '@/utils/request'
 
 import {
   ACCESS_TOKEN,
@@ -304,11 +305,6 @@ const user = {
           cloudianUrl = state.cloudian.url + 'logout.htm?redirect=' + encodeURIComponent(window.location.href)
         }
 
-        Object.keys(Cookies.get()).forEach(cookieName => {
-          Cookies.remove(cookieName)
-          Cookies.remove(cookieName, { path: '/client' })
-        })
-
         commit('SET_TOKEN', '')
         commit('SET_APIS', {})
         commit('SET_PROJECT', {})
@@ -336,6 +332,11 @@ const user = {
           }
         }).catch(() => {
           resolve()
+        }).finally(() => {
+          Object.keys(Cookies.get()).forEach(cookieName => {
+            Cookies.remove(cookieName)
+            Cookies.remove(cookieName, { path: '/client' })
+          })
         })
       })
     },

From b97bd3bee14010d48d6826715110ca347d01a5e6 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 20 Aug 2024 15:12:54 +0200
Subject: [PATCH 10/24] fix quota resource access validation

---
 .../java/com/cloud/user/AccountService.java   |   2 +
 .../api/command/QuotaBalanceCmd.java          |  13 ++-
 .../api/command/QuotaCreditsCmd.java          |   6 ++
 .../api/command/QuotaStatementCmd.java        |   6 ++
 .../management/MockAccountManager.java        |   5 +
 .../api/dispatch/ParamProcessWorker.java      |  57 +++++-----
 .../com/cloud/user/AccountManagerImpl.java    |  14 +++
 .../api/dispatch/ParamProcessWorkerTest.java  | 101 ++++++++++++++++--
 .../cloud/user/MockAccountManagerImpl.java    |   5 +
 9 files changed, 172 insertions(+), 37 deletions(-)

diff --git a/api/src/main/java/com/cloud/user/AccountService.java b/api/src/main/java/com/cloud/user/AccountService.java
index 77a5b442e861..7d2c58c8919b 100644
--- a/api/src/main/java/com/cloud/user/AccountService.java
+++ b/api/src/main/java/com/cloud/user/AccountService.java
@@ -114,6 +114,8 @@ User createUser(String userName, String password, String firstName, String lastN
 
     void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName, ControlledEntity... entities) throws PermissionDeniedException;
 
+    void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource);
+
     Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
 
     /**
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java
index f4e248855fd0..ecb6531d0cf1 100644
--- a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java
+++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java
@@ -21,6 +21,8 @@
 
 import javax.inject.Inject;
 
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.ACL;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@@ -42,6 +44,7 @@ public class QuotaBalanceCmd extends BaseCmd {
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, required = true, description = "Account Id for which statement needs to be generated")
     private String accountName;
 
+    @ACL
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class, description = "If domain Id is given and the caller is domain admin then the statement is generated for domain.")
     private Long domainId;
 
@@ -51,6 +54,7 @@ public class QuotaBalanceCmd extends BaseCmd {
     @Parameter(name = ApiConstants.START_DATE, type = CommandType.DATE, description = "Start date range quota query. Use yyyy-MM-dd as the date format, e.g. startDate=2009-06-01.")
     private Date startDate;
 
+    @ACL
     @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "List usage records for the specified account")
     private Long accountId;
 
@@ -104,7 +108,14 @@ public void setStartDate(Date startDate) {
 
     @Override
     public long getEntityOwnerId() {
-       return _accountService.getActiveAccountByName(accountName, domainId).getAccountId();
+        if (accountId != null) {
+            return accountId;
+        }
+        Account account = _accountService.getActiveAccountByName(accountName, domainId);
+        if (account != null) {
+            return account.getAccountId();
+        }
+        return Account.ACCOUNT_ID_SYSTEM;
     }
 
     @Override
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java
index c47c0ad2d763..e83d52f94f41 100644
--- a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java
+++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java
@@ -18,6 +18,7 @@
 
 import com.cloud.user.Account;
 
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -48,6 +49,7 @@ public class QuotaCreditsCmd extends BaseCmd {
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, required = true, description = "Account Id for which quota credits need to be added")
     private String accountName;
 
+    @ACL
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class, description = "Domain for which quota credits need to be added")
     private Long domainId;
 
@@ -132,6 +134,10 @@ public void execute() {
 
     @Override
     public long getEntityOwnerId() {
+        Account account = _accountService.getActiveAccountByName(accountName, domainId);
+        if (account != null) {
+            return account.getAccountId();
+        }
         return Account.ACCOUNT_ID_SYSTEM;
     }
 
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java
index 4d1c233c37a3..3219ba1448fc 100644
--- a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java
+++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java
@@ -21,6 +21,7 @@
 
 import javax.inject.Inject;
 
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -44,6 +45,7 @@ public class QuotaStatementCmd extends BaseCmd {
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, required = true, description = "Optional, Account Id for which statement needs to be generated")
     private String accountName;
 
+    @ACL
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class, description = "Optional, If domain Id is given and the caller is domain admin then the statement is generated for domain.")
     private Long domainId;
 
@@ -56,6 +58,7 @@ public class QuotaStatementCmd extends BaseCmd {
     @Parameter(name = ApiConstants.TYPE, type = CommandType.INTEGER, description = "List quota usage records for the specified usage type")
     private Integer usageType;
 
+    @ACL
     @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "List usage records for the specified account")
     private Long accountId;
 
@@ -112,6 +115,9 @@ public void setStartDate(Date startDate) {
 
     @Override
     public long getEntityOwnerId() {
+        if (accountId != null) {
+            return accountId;
+        }
         Account activeAccountByName = _accountService.getActiveAccountByName(accountName, domainId);
         if (activeAccountByName != null) {
             return activeAccountByName.getAccountId();
diff --git a/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
index bf0b94a71acc..80e2fb4aafd3 100644
--- a/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -446,6 +446,11 @@ public void checkAccess(Account account, AccessType accessType, boolean sameOwne
         // TODO Auto-generated method stub
     }
 
+    @Override
+    public void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource) {
+        // TODO Auto-generated method stub
+    }
+
     @Override
     public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
         // TODO Auto-generated method stub
diff --git a/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java b/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java
index 9f07db4b033b..b11a5282e627 100644
--- a/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java
+++ b/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java
@@ -32,8 +32,6 @@
 
 import javax.inject.Inject;
 
-import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.InfrastructureEntity;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
@@ -288,40 +286,43 @@ public void processParameters(final BaseCmd cmd, final Map params) {
         doAccessChecks(cmd, entitiesToAccess);
     }
 
-    private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
+    protected void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
+        Account[] owners = getEntityOwners(cmd);
+
         Account caller = CallContext.current().getCallingAccount();
+        if (cmd instanceof BaseAsyncCreateCmd) {
+            // check that caller can access the owner account.
+            _accountMgr.checkAccess(caller, null, false, owners);
+        }
+
+        checkCallerAccessToEntities(caller, owners, entitiesToAccess);
+    }
+
+    protected Account[] getEntityOwners(BaseCmd cmd) {
         List<Long> entityOwners = cmd.getEntityOwnerIds();
-        Account[] owners = null;
         if (entityOwners != null) {
-            owners = entityOwners.stream().map(id -> _accountMgr.getAccount(id)).toArray(Account[]::new);
+            return entityOwners.stream().map(id -> _accountMgr.getAccount(id)).toArray(Account[]::new);
+        }
+
+        if (cmd.getEntityOwnerId() == Account.ACCOUNT_ID_SYSTEM && cmd instanceof BaseAsyncCmd && cmd.getApiResourceType() == ApiCommandResourceType.Network) {
+            s_logger.debug("Skipping access check on the network owner if the owner is ROOT/system.");
         } else {
-            if (cmd.getEntityOwnerId() == Account.ACCOUNT_ID_SYSTEM && cmd instanceof BaseAsyncCmd && ((BaseAsyncCmd)cmd).getApiResourceType() == ApiCommandResourceType.Network) {
-                if (s_logger.isDebugEnabled()) {
-                    s_logger.debug("Skipping access check on the network owner if the owner is ROOT/system.");
-                }
-                owners = new Account[]{};
-            } else {
-                owners = new Account[]{_accountMgr.getAccount(cmd.getEntityOwnerId())};
+            Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
+            if (owner != null) {
+                return new Account[]{owner};
             }
         }
+        return new Account[]{};
+    }
 
-        if (cmd instanceof BaseAsyncCreateCmd) {
-            // check that caller can access the owner account.
-            _accountMgr.checkAccess(caller, null, false, owners);
+    protected void checkCallerAccessToEntities(Account caller, Account[] owners, Map<Object, AccessType> entitiesToAccess) {
+        if (entitiesToAccess.isEmpty()) {
+            return;
         }
-
-        if (!entitiesToAccess.isEmpty()) {
-            // check that caller can access the owner account.
-            _accountMgr.checkAccess(caller, null, false, owners);
-            for (Map.Entry<Object,AccessType>entry : entitiesToAccess.entrySet()) {
-                Object entity = entry.getKey();
-                if (entity instanceof ControlledEntity) {
-                    _accountMgr.checkAccess(caller, entry.getValue(), true, (ControlledEntity) entity);
-                } else if (entity instanceof InfrastructureEntity) {
-                    // FIXME: Move this code in adapter, remove code from
-                    // Account manager
-                }
-            }
+        _accountMgr.checkAccess(caller, null, false, owners);
+        for (Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) {
+            Object entity = entry.getKey();
+            _accountMgr.validateAccountHasAccessToResource(caller, entry.getValue(), entity);
         }
     }
 
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
index 5c7aec5a1b7f..4e2b334bbf85 100644
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -42,6 +42,7 @@
 
 import org.apache.cloudstack.acl.APIChecker;
 import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.InfrastructureEntity;
 import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.acl.Role;
 import org.apache.cloudstack.acl.RoleService;
@@ -719,6 +720,19 @@ public void checkAccess(Account caller, AccessType accessType, boolean sameOwner
 
     }
 
+    @Override
+    public void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource) {
+        Class<?> resourceClass = resource.getClass();
+        if (ControlledEntity.class.isAssignableFrom(resourceClass)) {
+            checkAccess(account, accessType, true, (ControlledEntity) resource);
+        } else if (Domain.class.isAssignableFrom(resourceClass)) {
+            checkAccess(account, (Domain) resource);
+        } else if (InfrastructureEntity.class.isAssignableFrom(resourceClass)) {
+            s_logger.trace("Validation of access to infrastructure entity has been disabled in CloudStack version 4.4.");
+        }
+        s_logger.debug(String.format("Account [%s] has access to resource.", account.getUuid()));
+    }
+
     @Override
     public Long checkAccessAndSpecifyAuthority(Account caller, Long zoneId) {
         // We just care for resource domain admins for now, and they should be permitted to see only their zone.
diff --git a/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java b/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java
index 7ac982db6234..0604405f4a55 100644
--- a/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java
+++ b/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java
@@ -19,6 +19,8 @@
 package com.cloud.api.dispatch;
 
 import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 import org.junit.After;
 import org.junit.Assert;
@@ -27,11 +29,16 @@
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.Mockito;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.InjectMocks;
+import org.mockito.Spy;
+
+import org.mockito.junit.MockitoJUnitRunner;
 
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd;
+import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.exception.ConcurrentOperationException;
@@ -42,14 +49,33 @@
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.User;
+import com.cloud.vm.VMInstanceVO;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ParamProcessWorkerTest {
 
+    @Spy
+    @InjectMocks
+    private ParamProcessWorker paramProcessWorkerSpy;
+
+    @Mock
+    private AccountManager accountManagerMock;
+
+    @Mock
+    private Account callingAccountMock;
+
+    @Mock
+    private User callingUserMock;
+
+    @Mock
+    private Account ownerAccountMock;
+
     @Mock
-    protected AccountManager accountManager;
+    BaseCmd baseCmdMock;
 
-    protected ParamProcessWorker paramProcessWorker;
+    private Account[] owners = new Account[]{ownerAccountMock};
+
+    private Map<Object, SecurityChecker.AccessType> entities = new HashMap<>();
 
     public static class TestCmd extends BaseCmd {
 
@@ -67,7 +93,7 @@ public static class TestCmd extends BaseCmd {
 
         @Override
         public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
-            ResourceAllocationException, NetworkRuleConflictException {
+                ResourceAllocationException, NetworkRuleConflictException {
             // well documented nothing
         }
 
@@ -85,9 +111,7 @@ public long getEntityOwnerId() {
 
     @Before
     public void setup() {
-        CallContext.register(Mockito.mock(User.class), Mockito.mock(Account.class));
-        paramProcessWorker = new ParamProcessWorker();
-        paramProcessWorker._accountMgr = accountManager;
+        CallContext.register(callingUserMock, callingAccountMock);
     }
 
     @After
@@ -103,10 +127,71 @@ public void processParameters() {
         params.put("boolparam1", "true");
         params.put("doubleparam1", "11.89");
         final TestCmd cmd = new TestCmd();
-        paramProcessWorker.processParameters(cmd, params);
+        paramProcessWorkerSpy.processParameters(cmd, params);
         Assert.assertEquals("foo", cmd.strparam1);
         Assert.assertEquals(100, cmd.intparam1);
         Assert.assertTrue(Double.compare(cmd.doubleparam1, 11.89) == 0);
+        Mockito.verify(paramProcessWorkerSpy).doAccessChecks(Mockito.any(), Mockito.any());
+    }
+
+    @Test
+    public void doAccessChecksTestChecksCallerAccessToOwnerWhenCmdExtendsBaseAsyncCreateCmd() {
+        Mockito.doReturn(owners).when(paramProcessWorkerSpy).getEntityOwners(Mockito.any());
+        Mockito.doNothing().when(paramProcessWorkerSpy).checkCallerAccessToEntities(Mockito.any(), Mockito.any(), Mockito.any());
+
+        paramProcessWorkerSpy.doAccessChecks(new AssociateIPAddrCmd(), entities);
+
+        Mockito.verify(accountManagerMock).checkAccess(callingAccountMock, null, false, owners);
+    }
+
+    @Test
+    public void doAccessChecksTestChecksCallerAccessToEntities() {
+        Mockito.doReturn(owners).when(paramProcessWorkerSpy).getEntityOwners(Mockito.any());
+        Mockito.doNothing().when(paramProcessWorkerSpy).checkCallerAccessToEntities(Mockito.any(), Mockito.any(), Mockito.any());
+
+        paramProcessWorkerSpy.doAccessChecks(new AssociateIPAddrCmd(), entities);
+
+        Mockito.verify(paramProcessWorkerSpy).checkCallerAccessToEntities(callingAccountMock, owners, entities);
+    }
+
+    @Test
+    public void getEntityOwnersTestReturnsAccountsWhenCmdHasMultipleEntityOwners() {
+        Mockito.when(baseCmdMock.getEntityOwnerIds()).thenReturn(List.of(1L, 2L));
+        Mockito.doReturn(callingAccountMock).when(accountManagerMock).getAccount(1L);
+        Mockito.doReturn(ownerAccountMock).when(accountManagerMock).getAccount(2L);
+
+        List<Account> result = List.of(paramProcessWorkerSpy.getEntityOwners(baseCmdMock));
+
+        Assert.assertEquals(List.of(callingAccountMock, ownerAccountMock), result);
+    }
+
+    @Test
+    public void getEntityOwnersTestReturnsAccountWhenCmdHasOneEntityOwner() {
+        Mockito.when(baseCmdMock.getEntityOwnerId()).thenReturn(1L);
+        Mockito.when(baseCmdMock.getEntityOwnerIds()).thenReturn(null);
+        Mockito.doReturn(ownerAccountMock).when(accountManagerMock).getAccount(1L);
+
+        List<Account> result = List.of(paramProcessWorkerSpy.getEntityOwners(baseCmdMock));
+
+        Assert.assertEquals(List.of(ownerAccountMock), result);
+    }
+
+    @Test
+    public void checkCallerAccessToEntitiesTestChecksCallerAccessToOwners() {
+        entities.put(ownerAccountMock, SecurityChecker.AccessType.UseEntry);
+
+        paramProcessWorkerSpy.checkCallerAccessToEntities(callingAccountMock, owners, entities);
+
+        Mockito.verify(accountManagerMock).checkAccess(callingAccountMock, null, false, owners);
     }
 
+    @Test
+    public void checkCallerAccessToEntitiesTestChecksCallerAccessToResource() {
+        VMInstanceVO vmInstanceVo = new VMInstanceVO();
+        entities.put(vmInstanceVo, SecurityChecker.AccessType.UseEntry);
+
+        paramProcessWorkerSpy.checkCallerAccessToEntities(callingAccountMock, owners, entities);
+
+        Mockito.verify(accountManagerMock).validateAccountHasAccessToResource(callingAccountMock, SecurityChecker.AccessType.UseEntry, vmInstanceVo);
+    }
 }
diff --git a/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java b/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
index b8a1af828191..10bd382ed018 100644
--- a/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
@@ -436,6 +436,11 @@ public void checkAccess(Account account, AccessType accessType, boolean sameOwne
         // TODO Auto-generated method stub
     }
 
+    @Override
+    public void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource) {
+        // TODO Auto-generated method stub
+    }
+
     @Override
     public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
         // TODO Auto-generated method stub

From 1861e78361e0a2ccdb679cd348a2eb426cf09de7 Mon Sep 17 00:00:00 2001
From: Daniel Augusto Veronezi Salvador <gutoveronezi@apache.org>
Date: Fri, 30 Aug 2024 19:03:28 -0300
Subject: [PATCH 11/24] Validate QCOW2 on upload and register

---
 .../formatinspector/Qcow2HeaderField.java     |  51 ++++
 .../formatinspector/Qcow2Inspector.java       | 267 ++++++++++++++++++
 .../resource/NfsSecondaryStorageResource.java |  14 +-
 .../storage/template/DownloadManagerImpl.java |  39 ++-
 4 files changed, 360 insertions(+), 11 deletions(-)
 create mode 100644 services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java
 create mode 100644 services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java

diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java
new file mode 100644
index 000000000000..4a8e8b51a479
--- /dev/null
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java
@@ -0,0 +1,51 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.storage.formatinspector;
+
+public enum Qcow2HeaderField {
+    MAGIC(0, 4),
+    VERSION(4, 4),
+    BACKING_FILE_OFFSET(8, 8),
+    BACKING_FILE_NAME_LENGTH(16, 4),
+    CLUSTER_BITS(20, 4),
+    SIZE(24, 8),
+    CRYPT_METHOD(32, 4),
+    L1_SIZE(36, 4),
+    LI_TABLE_OFFSET(40, 8),
+    REFCOUNT_TABLE_OFFSET(48, 8),
+    REFCOUNT_TABLE_CLUSTERS(56, 4),
+    NB_SNAPSHOTS(60, 4),
+    SNAPSHOTS_OFFSET(64, 8),
+    INCOMPATIBLE_FEATURES(72, 8);
+
+    private final int offset;
+    private final int length;
+
+    Qcow2HeaderField(int offset, int length) {
+        this.offset = offset;
+        this.length = length;
+    }
+
+    public int getLength() {
+        return length;
+    }
+
+    public int getOffset() {
+        return offset;
+    }
+}
diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java
new file mode 100644
index 000000000000..1ad2076a12d1
--- /dev/null
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java
@@ -0,0 +1,267 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.storage.formatinspector;
+
+import com.cloud.utils.NumbersUtil;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.log4j.Logger;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Class to inspect QCOW2 files/objects. In our context, a QCOW2 might be a threat to the environment if it meets one of the following criteria when coming from external sources
+ * (like registering or uploading volumes and templates):
+ * <ul>
+ *   <li>has a backing file reference;</li>
+ *   <li>has an external data file reference;</li>
+ *   <li>has unknown incompatible features.</li>
+ * </ul>
+ *
+ * The implementation was done based on the <a href="https://gitlab.com/qemu-project/qemu/-/blob/master/docs/interop/qcow2.txt"> QEMU's official interoperability documentation</a>
+ * and on the <a href="https://review.opendev.org/c/openstack/cinder/+/923247/2/cinder/image/format_inspector.py">OpenStack's Cinder implementation for Python</a>.
+ */
+public class Qcow2Inspector {
+    protected static Logger LOGGER = Logger.getLogger(Qcow2Inspector.class);
+
+    private static final byte[] QCOW_MAGIC_STRING = ArrayUtils.add("QFI".getBytes(), (byte) 0xfb);
+    private static final int INCOMPATIBLE_FEATURES_MAX_KNOWN_BIT = 4;
+    private static final int INCOMPATIBLE_FEATURES_MAX_KNOWN_BYTE = 0;
+    private static final int EXTERNAL_DATA_FILE_BYTE_POSITION = 7;
+    private static final int EXTERNAL_DATA_FILE_BIT = 2;
+    private static final byte EXTERNAL_DATA_FILE_BITMASK = (byte) (1 << EXTERNAL_DATA_FILE_BIT);
+
+    private static final Set<Qcow2HeaderField> SET_OF_HEADER_FIELDS_TO_READ = Set.of(Qcow2HeaderField.MAGIC,
+            Qcow2HeaderField.VERSION,
+            Qcow2HeaderField.SIZE,
+            Qcow2HeaderField.BACKING_FILE_OFFSET,
+            Qcow2HeaderField.INCOMPATIBLE_FEATURES);
+
+    /**
+     * Validates if the file is a valid and allowed QCOW2 (i.e.: does not contain external references).
+     * @param filePath Path of the file to be validated.
+     * @throws RuntimeException If the QCOW2 file meets one of the following criteria:
+     * <ul>
+     *   <li>has a backing file reference;</li>
+     *   <li>has an external data file reference;</li>
+     *   <li>has unknown incompatible features.</li>
+     * </ul>
+     */
+    public static void validateQcow2File(String filePath) throws RuntimeException {
+        LOGGER.info(String.format("Verifying if [%s] is a valid and allowed QCOW2 file .", filePath));
+
+        Map<String, byte[]> headerFieldsAndValues;
+        try (InputStream inputStream = new FileInputStream(filePath)) {
+            headerFieldsAndValues = unravelQcow2Header(inputStream, filePath);
+        } catch (IOException ex) {
+            throw new RuntimeException(String.format("Unable to validate file [%s] due to: ", filePath), ex);
+        }
+
+        validateQcow2HeaderFields(headerFieldsAndValues, filePath);
+
+        LOGGER.info(String.format("[%s] is a valid and allowed QCOW2 file.", filePath));
+    }
+
+    /**
+     * Unravels the QCOW2 header in a serial fashion, iterating through the {@link Qcow2HeaderField}, reading the fields specified in
+     * {@link Qcow2Inspector#SET_OF_HEADER_FIELDS_TO_READ} and skipping the others.
+     * @param qcow2InputStream InputStream of the QCOW2 being unraveled.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @return A map of the header fields and their values according to the {@link Qcow2Inspector#SET_OF_HEADER_FIELDS_TO_READ}.
+     * @throws IOException If the field cannot be read or skipped.
+     */
+    public static Map<String, byte[]> unravelQcow2Header(InputStream qcow2InputStream, String qcow2LogReference) throws IOException {
+        Map<String, byte[]> result = new HashMap<>();
+
+        LOGGER.debug(String.format("Unraveling QCOW2 [%s] headers.", qcow2LogReference));
+        for (Qcow2HeaderField qcow2Header : Qcow2HeaderField.values()) {
+            if (!SET_OF_HEADER_FIELDS_TO_READ.contains(qcow2Header)) {
+                skipHeader(qcow2InputStream, qcow2Header, qcow2LogReference);
+                continue;
+            }
+
+            byte[] headerValue = readHeader(qcow2InputStream, qcow2Header, qcow2LogReference);
+            result.put(qcow2Header.name(), headerValue);
+        }
+
+        return result;
+    }
+
+    /**
+     * Skips the field's length in the InputStream.
+     * @param qcow2InputStream InputStream of the QCOW2 being unraveled.
+     * @param field Field being skipped (name and length).
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws IOException If the bytes skipped do not match the field length.
+     */
+    protected static void skipHeader(InputStream qcow2InputStream, Qcow2HeaderField field, String qcow2LogReference) throws IOException {
+        LOGGER.trace(String.format("Skipping field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+
+        if (qcow2InputStream.skip(field.getLength()) != field.getLength()) {
+            throw new IOException(String.format("Unable to skip field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+        }
+    }
+
+    /**
+     * Reads the field's length in the InputStream.
+     * @param qcow2InputStream InputStream of the QCOW2 being unraveled.
+     * @param field Field being read (name and length).
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws IOException If the bytes read do not match the field length.
+     */
+    protected static byte[] readHeader(InputStream qcow2InputStream, Qcow2HeaderField field, String qcow2LogReference) throws IOException {
+        byte[] readBytes = new byte[field.getLength()];
+
+        LOGGER.trace(String.format("Reading field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+        if (qcow2InputStream.read(readBytes) != field.getLength()) {
+            throw new IOException(String.format("Unable to read field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+        }
+
+        LOGGER.trace(String.format("Read %s as field [%s] of QCOW2 [%s].", ArrayUtils.toString(readBytes), field, qcow2LogReference));
+        return readBytes;
+    }
+
+    /**
+     * Validates the values of the header fields {@link Qcow2HeaderField#MAGIC}, {@link Qcow2HeaderField#BACKING_FILE_OFFSET}, and {@link Qcow2HeaderField#INCOMPATIBLE_FEATURES}.
+     * @param headerFieldsAndValues A map of the header fields and their values.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 does not contain the QCOW magic string or contains a backing file reference or incompatible features.
+     */
+    public static void validateQcow2HeaderFields(Map<String, byte[]> headerFieldsAndValues, String qcow2LogReference) throws SecurityException{
+        byte[] fieldValue = headerFieldsAndValues.get(Qcow2HeaderField.MAGIC.name());
+        validateQcowMagicString(fieldValue, qcow2LogReference);
+
+        fieldValue = headerFieldsAndValues.get(Qcow2HeaderField.BACKING_FILE_OFFSET.name());
+        validateAbsenceOfBackingFileReference(NumbersUtil.bytesToLong(fieldValue), qcow2LogReference);
+
+        fieldValue = headerFieldsAndValues.get(Qcow2HeaderField.INCOMPATIBLE_FEATURES.name());
+        validateAbsenceOfIncompatibleFeatures(fieldValue, qcow2LogReference);
+    }
+
+    /**
+     * Verifies if the first 4 bytes of the header are the QCOW magic string. Throws an exception if not.
+     * @param headerMagicString The first 4 bytes of the header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the header's magic string is not the QCOW magic string.
+     */
+    private static void validateQcowMagicString(byte[] headerMagicString, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has a valid QCOW magic string.", qcow2LogReference));
+
+        if (!Arrays.equals(QCOW_MAGIC_STRING, headerMagicString)) {
+            throw new SecurityException(String.format("[%s] is not a valid QCOW2 because its first 4 bytes are not the QCOW magic string.", qcow2LogReference));
+        }
+
+        LOGGER.debug(String.format("[%s] has a valid QCOW magic string.", qcow2LogReference));
+    }
+
+    /**
+     * Verifies if the QCOW2 has a backing file and throws an exception if so.
+     * @param backingFileOffset The backing file offset value of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has a backing file reference.
+     */
+    private static void validateAbsenceOfBackingFileReference(long backingFileOffset, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has a backing file reference.", qcow2LogReference));
+
+        if (backingFileOffset != 0) {
+            throw new SecurityException(String.format("[%s] has a backing file reference. This can be an attack to the infrastructure; therefore, we will not accept" +
+                    " this QCOW2.", qcow2LogReference));
+        }
+
+        LOGGER.debug(String.format("[%s] does not have a backing file reference.", qcow2LogReference));
+    }
+
+    /**
+     * Verifies if the QCOW2 has incompatible features and throw an exception if it has an external data file reference or unknown incompatible features.
+     * @param incompatibleFeatures The incompatible features bytes of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has an external data file reference or unknown incompatible features.
+     */
+    private static void validateAbsenceOfIncompatibleFeatures(byte[] incompatibleFeatures, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has incompatible features.", qcow2LogReference));
+
+        if (NumbersUtil.bytesToLong(incompatibleFeatures) == 0) {
+            LOGGER.debug(String.format("[%s] does not have incompatible features.", qcow2LogReference));
+            return;
+        }
+
+        LOGGER.debug(String.format("[%s] has incompatible features.", qcow2LogReference));
+
+        validateAbsenceOfExternalDataFileReference(incompatibleFeatures, qcow2LogReference);
+        validateAbsenceOfUnknownIncompatibleFeatures(incompatibleFeatures, qcow2LogReference);
+    }
+
+    /**
+     * Verifies if the QCOW2 has an external data file reference and throw an exception if so.
+     * @param incompatibleFeatures The incompatible features bytes of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has an external data file reference.
+     */
+    private static void validateAbsenceOfExternalDataFileReference(byte[] incompatibleFeatures, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has an external data file reference.", qcow2LogReference));
+
+        if ((incompatibleFeatures[EXTERNAL_DATA_FILE_BYTE_POSITION] & EXTERNAL_DATA_FILE_BITMASK) != 0) {
+            throw new SecurityException(String.format("[%s] has an external data file reference. This can be an attack to the infrastructure; therefore, we will discard" +
+                    " this file.", qcow2LogReference));
+        }
+
+        LOGGER.info(String.format("[%s] does not have an external data file reference.", qcow2LogReference));
+    }
+
+    /**
+     * Verifies if the QCOW2 has unknown incompatible features and throw an exception if so.
+     * <br/><br/>
+     * Unknown incompatible features are those with bit greater than
+     * {@link Qcow2Inspector#INCOMPATIBLE_FEATURES_MAX_KNOWN_BIT}, which will be the represented by bytes in positions greater than
+     * {@link Qcow2Inspector#INCOMPATIBLE_FEATURES_MAX_KNOWN_BYTE} (in Big Endian order). Therefore, we expect that those bytes are always zero. If not, an exception is thrown.
+     * @param incompatibleFeatures The incompatible features bytes of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has unknown incompatible features.
+     */
+    private static void validateAbsenceOfUnknownIncompatibleFeatures(byte[] incompatibleFeatures, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has unknown incompatible features [%s].", qcow2LogReference, ArrayUtils.toString(incompatibleFeatures)));
+
+        for (int byteNum = incompatibleFeatures.length - 1; byteNum >= 0; byteNum--) {
+            int bytePosition = incompatibleFeatures.length - 1 - byteNum;
+            LOGGER.trace(String.format("Looking for unknown incompatible feature bit in position [%s].", bytePosition));
+
+            byte bitmask = 0;
+            if (byteNum == INCOMPATIBLE_FEATURES_MAX_KNOWN_BYTE) {
+                bitmask = ((1 << INCOMPATIBLE_FEATURES_MAX_KNOWN_BIT) - 1);
+            }
+
+            LOGGER.trace(String.format("Bitmask for byte in position [%s] is [%s].", bytePosition, Integer.toBinaryString(bitmask)));
+
+            int featureBit = incompatibleFeatures[bytePosition] & ~bitmask;
+            if (featureBit != 0) {
+                throw new SecurityException(String.format("Found unknown incompatible feature bit [%s] in byte [%s] of [%s]. This can be an attack to the infrastructure; " +
+                        "therefore, we will discard this QCOW2.", featureBit, bytePosition + Qcow2HeaderField.INCOMPATIBLE_FEATURES.getOffset(), qcow2LogReference));
+            }
+
+            LOGGER.trace(String.format("Did not find unknown incompatible feature in position [%s].", bytePosition));
+        }
+
+        LOGGER.info(String.format("[%s] does not have unknown incompatible features.", qcow2LogReference));
+    }
+
+}
diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
index d8f7395c8853..0c8a1c28f11f 100644
--- a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@@ -66,6 +66,7 @@
 import org.apache.cloudstack.storage.command.UploadStatusCommand;
 import org.apache.cloudstack.storage.configdrive.ConfigDrive;
 import org.apache.cloudstack.storage.configdrive.ConfigDriveBuilder;
+import org.apache.cloudstack.storage.formatinspector.Qcow2Inspector;
 import org.apache.cloudstack.storage.template.DownloadManager;
 import org.apache.cloudstack.storage.template.DownloadManagerImpl;
 import org.apache.cloudstack.storage.template.UploadEntity;
@@ -3446,8 +3447,19 @@ public String postUpload(String uuid, String filename, long processTimeout) {
             return result;
         }
 
+        String finalFilename = resourcePath + "/" + templateFilename;
+
+        if (ImageStoreUtil.isCorrectExtension(finalFilename, "qcow2")) {
+            try {
+                Qcow2Inspector.validateQcow2File(finalFilename);
+            } catch (RuntimeException e) {
+                s_logger.error(String.format("Uploaded file [%s] is not a valid QCOW2.", finalFilename), e);
+                return "The uploaded file is not a valid QCOW2. Ask the administrator to check the logs for more details.";
+            }
+        }
+
         // Set permissions for the downloaded template
-        File downloadedTemplate = new File(resourcePath + "/" + templateFilename);
+        File downloadedTemplate = new File(finalFilename);
         _storage.setWorldReadableAndWriteable(downloadedTemplate);
 
         // Set permissions for template/volume.properties
diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
index e14977682b66..d849a7b8450f 100644
--- a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
@@ -62,6 +62,11 @@
 import org.apache.cloudstack.storage.NfsMountManagerImpl.PathParser;
 import org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource;
 import org.apache.cloudstack.storage.resource.SecondaryStorageResource;
+import org.apache.cloudstack.storage.formatinspector.Qcow2HeaderField;
+import org.apache.cloudstack.storage.formatinspector.Qcow2Inspector;
+import org.apache.cloudstack.utils.security.ChecksumValue;
+import org.apache.cloudstack.utils.security.DigestHelper;
+
 import org.apache.log4j.Logger;
 
 import com.cloud.agent.api.storage.DownloadAnswer;
@@ -80,10 +85,7 @@
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
-import com.cloud.utils.storage.QCOW2Utils;
-import org.apache.cloudstack.utils.security.ChecksumValue;
-import org.apache.cloudstack.utils.security.DigestHelper;
-import org.apache.commons.lang3.StringUtils;
+import com.cloud.utils.StringUtils;
 
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
 
@@ -346,11 +348,17 @@ private String postRemoteDownload(String jobId) {
             // The QCOW2 is the only format with a header,
             // and as such can be easily read.
 
-            try (InputStream inputStream = td.getS3ObjectInputStream();) {
-                dnld.setTemplatesize(QCOW2Utils.getVirtualSize(inputStream, false));
-            }
-            catch (IOException e) {
-                result = "Couldn't read QCOW2 virtual size. Error: " + e.getMessage();
+            try (InputStream inputStream = td.getS3ObjectInputStream()) {
+                Map<String, byte[]> qcow2HeaderFieldsAndValues = Qcow2Inspector.unravelQcow2Header(inputStream, td.getDownloadUrl());
+                Qcow2Inspector.validateQcow2HeaderFields(qcow2HeaderFieldsAndValues, td.getDownloadUrl());
+
+                dnld.setTemplatesize(NumbersUtil.bytesToLong(qcow2HeaderFieldsAndValues.get(Qcow2HeaderField.SIZE.name())));
+            } catch (IOException ex) {
+                result = String.format("Unable to read QCOW2 metadata. Error: %s", ex.getMessage());
+                LOGGER.error(result, ex);
+            } catch (SecurityException ex) {
+                result = String.format("[%s] is not a valid QCOW2:", td.getDownloadUrl());
+                LOGGER.error(result, ex);
             }
 
         }
@@ -405,8 +413,19 @@ private String postLocalDownload(String jobId) {
             return result;
         }
 
+        String finalFilename = resourcePath + "/" + templateFilename;
+
+        if (ImageFormat.QCOW2.equals(dnld.getFormat())) {
+            try {
+                Qcow2Inspector.validateQcow2File(finalFilename);
+            } catch (RuntimeException e) {
+                LOGGER.error(String.format("The downloaded file [%s] is not a valid QCOW2.", finalFilename), e);
+                return "The downloaded file is not a valid QCOW2. Ask the administrator to check the logs for more details.";
+            }
+        }
+
         // Set permissions for the downloaded template
-        File downloadedTemplate = new File(resourcePath + "/" + templateFilename);
+        File downloadedTemplate = new File(finalFilename);
 
         _storage.setWorldReadableAndWriteable(downloadedTemplate);
         setPermissionsForTheDownloadedTemplate(dnld, resourcePath, resourceType);

From 124d6b8b816a88d13ee46e7e3e56177aefbecef9 Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Tue, 10 Sep 2024 18:25:36 +0200
Subject: [PATCH 12/24] util: check JSESSIONID in cookies if user is passed

---
 .../command/ListAndSwitchSAMLAccountCmd.java  |   7 +-
 .../cloudstack/saml/SAML2AuthManager.java     |   3 +
 .../cloudstack/saml/SAML2AuthManagerImpl.java |   3 +-
 .../org/apache/cloudstack/saml/SAMLUtils.java |  25 ++++-
 .../ListAndSwitchSAMLAccountCmdTest.java      |  25 ++++-
 .../main/java/com/cloud/api/ApiServer.java    |  26 ++++-
 .../main/java/com/cloud/api/ApiServlet.java   | 102 +++++++++++-------
 test/integration/smoke/test_login.py          |   1 +
 ui/src/api/index.js                           |  10 ++
 ui/src/store/modules/user.js                  |   1 -
 .../main/java/com/cloud/utils/HttpUtils.java  |  42 ++++++--
 .../java/com/cloud/utils/HttpUtilsTest.java   |  86 ++++++++++++---
 12 files changed, 266 insertions(+), 65 deletions(-)

diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
index 25f056adf686..c2f81cd33563 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
@@ -48,6 +48,7 @@
 import org.apache.cloudstack.saml.SAMLUtils;
 import org.apache.log4j.Logger;
 
+import com.cloud.api.ApiServer;
 import com.cloud.api.response.ApiResponseSerializer;
 import com.cloud.domain.Domain;
 import com.cloud.domain.dao.DomainDao;
@@ -60,6 +61,8 @@
 import com.cloud.user.dao.UserDao;
 import com.cloud.utils.HttpUtils;
 
+import org.apache.commons.lang3.EnumUtils;
+
 @APICommand(name = "listAndSwitchSamlAccount", description = "Lists and switches to other SAML accounts owned by the SAML user", responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class ListAndSwitchSAMLAccountCmd extends BaseCmd implements APIAuthenticator {
     public static final Logger s_logger = Logger.getLogger(ListAndSwitchSAMLAccountCmd.class.getName());
@@ -104,7 +107,9 @@ public String authenticate(final String command, final Map<String, Object[]> par
                     params, responseType));
         }
 
-        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
+        HttpUtils.ApiSessionKeyCheckOption sessionKeyCheckOption = EnumUtils.getEnumIgnoreCase(HttpUtils.ApiSessionKeyCheckOption.class,
+                ApiServer.ApiSessionKeyCheckLocations.value(), HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter);
+        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY, sessionKeyCheckOption)) {
             throw new ServerApiException(ApiErrorCode.UNAUTHORIZED, _apiServer.getSerializedApiError(ApiErrorCode.UNAUTHORIZED.getHttpCode(),
                     "Unauthorized session, please re-login",
                     params, responseType));
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
index 3a4030f9c0d8..e10ea08012fa 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -73,6 +73,9 @@ public interface SAML2AuthManager extends PluggableAPIAuthenticator, PluggableSe
     ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "true",
             "When enabled (default and recommended), SAML2 signature checks are enforced and lack of signature in the SAML SSO response will cause login exception. Disabling this is not advisable but provided for backward compatibility for users who are able to accept the risks.", false);
 
+    ConfigKey<String> SAMLUserSessionKeyPathAttribute = new ConfigKey<String>("Advanced", String.class, "saml2.user.sessionkey.path", "",
+            "The Path attribute of sessionkey cookie when SAML users have logged in. If not set, it will be set to the path of SAML redirection URL (saml2.redirect.url).", true);
+
     SAMLProviderMetadata getSPMetadata();
     SAMLProviderMetadata getIdPMetadata(String entityId);
     Collection<SAMLProviderMetadata> getAllIdPMetadata();
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index dfa76414fb74..aa1e0be91c71 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -542,6 +542,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 SAMLServiceProviderSingleSignOnURL, SAMLServiceProviderSingleLogOutURL,
                 SAMLCloudStackRedirectionUrl, SAMLUserAttributeName,
                 SAMLIdentityProviderMetadataURL, SAMLDefaultIdentityProviderId,
-                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout, SAMLCheckSignature};
+                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout, SAMLCheckSignature,
+                SAMLUserSessionKeyPathAttribute};
     }
 }
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
index f10bc891368e..bb94c8af4c23 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
@@ -25,6 +25,8 @@
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.security.InvalidKeyException;
@@ -101,7 +103,9 @@
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
+import com.cloud.api.ApiServlet;
 import com.cloud.utils.HttpUtils;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 public class SAMLUtils {
     public static final Logger s_logger = Logger.getLogger(SAMLUtils.class);
@@ -296,7 +300,26 @@ public static void setupSamlUserCookies(final LoginCmdResponse loginResponse, fi
             resp.addCookie(new Cookie("timezone", URLEncoder.encode(timezone, HttpUtils.UTF_8)));
         }
         resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
-        resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/client/api", ApiConstants.SESSIONKEY, loginResponse.getSessionKey()));
+
+        String redirectUrl = SAML2AuthManager.SAMLCloudStackRedirectionUrl.value();
+        String path = SAML2AuthManager.SAMLUserSessionKeyPathAttribute.value();
+        String domain = null;
+        try {
+            URI redirectUri = new URI(redirectUrl);
+            domain = redirectUri.getHost();
+            if (StringUtils.isBlank(path)) {
+                path = redirectUri.getPath();
+            }
+            if (StringUtils.isBlank(path)) {
+                path = "/";
+            }
+        } catch (URISyntaxException ex) {
+            throw new CloudRuntimeException("Invalid URI: " + redirectUrl);
+        }
+        String sameSite = ApiServlet.getApiSessionKeySameSite();
+        String sessionKeyCookie = String.format("%s=%s;Domain=%s;Path=%s;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), domain, path, sameSite);
+        s_logger.debug("Adding sessionkey cookie to response: " + sessionKeyCookie);
+        resp.addHeader("SET-COOKIE", sessionKeyCookie);
     }
 
     /**
diff --git a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java
index b4d230e3cd60..729334d22ce5 100644
--- a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java
+++ b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java
@@ -27,6 +27,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -88,6 +89,9 @@ public class ListAndSwitchSAMLAccountCmdTest extends TestCase {
     @Mock
     HttpServletRequest req;
 
+    final String sessionId = "node0xxxxxxxxxxxxx";
+    Cookie[] cookies;
+
     @Test
     public void testListAndSwitchSAMLAccountCmd() throws Exception {
         // Setup
@@ -95,6 +99,7 @@ public void testListAndSwitchSAMLAccountCmd() throws Exception {
         final String sessionKeyValue = "someSessionIDValue";
         Mockito.when(session.getAttribute(ApiConstants.SESSIONKEY)).thenReturn(sessionKeyValue);
         Mockito.when(session.getAttribute("userid")).thenReturn(2L);
+        Mockito.when(session.getId()).thenReturn(sessionId);
         params.put(ApiConstants.USER_ID, new String[]{"2"});
         params.put(ApiConstants.DOMAIN_ID, new String[]{"1"});
         Mockito.when(userDao.findByUuid(anyString())).thenReturn(new UserVO(2L));
@@ -146,7 +151,25 @@ public void testListAndSwitchSAMLAccountCmd() throws Exception {
             Mockito.verify(accountService, Mockito.times(0)).getUserAccountById(Mockito.anyLong());
         }
 
-        // valid sessionkey value test
+        // valid sessionkey value and invalid JSESSIONID test
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(ApiConstants.SESSIONKEY, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", "invalid-JSESSIONID");
+        Mockito.when(req.getCookies()).thenReturn(cookies);
+        params.put(ApiConstants.SESSIONKEY, new String[]{sessionKeyValue});
+        try {
+            cmd.authenticate("command", params, session, null, HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), req, resp);
+        } catch (ServerApiException exception) {
+            assertEquals(exception.getErrorCode(), ApiErrorCode.UNAUTHORIZED);
+        } finally {
+            Mockito.verify(accountService, Mockito.times(0)).getUserAccountById(Mockito.anyLong());
+        }
+
+        // valid sessionkey value and valid JSESSIONID test
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(ApiConstants.SESSIONKEY, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        Mockito.when(req.getCookies()).thenReturn(cookies);
         params.put(ApiConstants.SESSIONKEY, new String[]{sessionKeyValue});
         try {
             cmd.authenticate("command", params, session, null, HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), req, resp);
diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java
index cf0e689ed27d..622f948aa72d 100644
--- a/server/src/main/java/com/cloud/api/ApiServer.java
+++ b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -33,6 +33,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
+import java.util.EnumSet;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -47,6 +48,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
@@ -168,6 +170,8 @@
 import com.cloud.utils.ConstantTimeComparator;
 import com.cloud.utils.DateUtil;
 import com.cloud.utils.HttpUtils;
+import com.cloud.utils.HttpUtils.ApiSessionKeySameSite;
+import com.cloud.utils.HttpUtils.ApiSessionKeyCheckOption;
 import com.cloud.utils.Pair;
 import com.cloud.utils.ReflectUtil;
 import com.cloud.utils.StringUtils;
@@ -306,6 +310,24 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
             , true
             , ConfigKey.Scope.Global);
 
+    static final ConfigKey<String> ApiSessionKeyCookieSameSiteSetting = new ConfigKey<>(String.class
+            , "api.sessionkey.cookie.samesite"
+            , ConfigKey.CATEGORY_ADVANCED
+            , ApiSessionKeySameSite.Lax.name()
+            , "The SameSite attribute of cookie 'sessionkey'. Valid options are: Lax (default), Strict, NoneAndSecure and Null."
+            , true
+            , ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.Select,
+            EnumSet.allOf(ApiSessionKeySameSite.class).stream().map(Enum::toString).collect(Collectors.joining(", ")));
+
+    public static final ConfigKey<String> ApiSessionKeyCheckLocations = new ConfigKey<>(String.class
+            , "api.sessionkey.check.locations"
+            , ConfigKey.CATEGORY_ADVANCED
+            , ApiSessionKeyCheckOption.CookieAndParameter.name()
+            , "The locations of 'sessionkey' during the validation of the API requests. Valid options are: CookieOrParameter, ParameterOnly, CookieAndParameter (default)."
+            , true
+            , ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.Select,
+            EnumSet.allOf(ApiSessionKeyCheckOption.class).stream().map(Enum::toString).collect(Collectors.joining(", ")));
+
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
         messageBus.subscribe(AsyncJob.Topics.JOB_EVENT_PUBLISH, MessageDispatcher.getDispatcher(this));
@@ -1531,7 +1553,9 @@ public ConfigKey<?>[] getConfigKeys() {
                 JSONDefaultContentType,
                 proxyForwardList,
                 useForwardHeader,
-                listOfForwardHeaders
+                listOfForwardHeaders,
+                ApiSessionKeyCookieSameSiteSetting,
+                ApiSessionKeyCheckLocations
         };
     }
 }
diff --git a/server/src/main/java/com/cloud/api/ApiServlet.java b/server/src/main/java/com/cloud/api/ApiServlet.java
index e719238afef1..d9654f039163 100644
--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -47,6 +47,7 @@
 import org.apache.cloudstack.managed.context.ManagedContext;
 import org.apache.cloudstack.utils.consoleproxy.ConsoleAccessUtils;
 import org.apache.log4j.Logger;
+import org.apache.commons.lang3.EnumUtils;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.support.SpringBeanAutowiringSupport;
@@ -63,13 +64,15 @@
 import com.cloud.user.UserAccount;
 
 import com.cloud.utils.HttpUtils;
+import com.cloud.utils.HttpUtils.ApiSessionKeySameSite;
+import com.cloud.utils.HttpUtils.ApiSessionKeyCheckOption;
 import com.cloud.utils.StringUtils;
 import com.cloud.utils.db.EntityManager;
 import com.cloud.utils.net.NetUtils;
 
 @Component("apiServlet")
 public class ApiServlet extends HttpServlet {
-    public static final Logger s_logger = Logger.getLogger(ApiServlet.class.getName());
+    public static final Logger LOGGER = Logger.getLogger(ApiServlet.class.getName());
     private static final Logger s_accessLogger = Logger.getLogger("apiserver." + ApiServlet.class.getName());
     private static final String REPLACEMENT = "_";
     private static final String LOG_REPLACEMENTS = "[\n\r\t]";
@@ -127,7 +130,7 @@ void utf8Fixup(final HttpServletRequest req, final Map<String, Object[]> params)
                     String value = decodeUtf8(paramTokens[1]);
                     params.put(name, new String[] {value});
                 } else {
-                    s_logger.debug("Invalid parameter in URL found. param: " + param);
+                    LOGGER.debug("Invalid parameter in URL found. param: " + param);
                 }
             }
         }
@@ -156,7 +159,7 @@ private void checkSingleQueryParameterValue(Map<String, String[]> params) {
             if (v.length > 1) {
                 String message = String.format("Query parameter '%s' has multiple values %s. Only the last value will be respected." +
                     "It is advised to pass only a single parameter", k, Arrays.toString(v));
-                s_logger.warn(message);
+                LOGGER.warn(message);
             }
         });
 
@@ -167,7 +170,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
         try {
             remoteAddress = getClientAddress(req);
         } catch (UnknownHostException e) {
-            s_logger.warn("UnknownHostException when trying to lookup remote IP-Address. This should never happen. Blocking request.", e);
+            LOGGER.warn("UnknownHostException when trying to lookup remote IP-Address. This should never happen. Blocking request.", e);
             final String response = apiServer.getSerializedApiError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                     "UnknownHostException when trying to lookup remote IP-Address", null,
                     HttpUtils.RESPONSE_TYPE_XML);
@@ -191,17 +194,17 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
         // logging the request start and end in management log for easy debugging
         String reqStr = "";
         String cleanQueryString = StringUtils.cleanString(req.getQueryString());
-        if (s_logger.isDebugEnabled()) {
+        if (LOGGER.isDebugEnabled()) {
             reqStr = auditTrailSb.toString() + " " + cleanQueryString;
-            s_logger.debug("===START=== " + reqStr);
+            LOGGER.debug("===START=== " + reqStr);
         }
 
         try {
             resp.setContentType(HttpUtils.XML_CONTENT_TYPE);
 
             HttpSession session = req.getSession(false);
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("session found: %s", session));
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("session found: %s", session));
             }
             final Object[] responseTypeParam = params.get(ApiConstants.RESPONSE);
             if (responseTypeParam != null) {
@@ -212,10 +215,10 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
             final String command = commandObj == null ? null : (String) commandObj[0];
             final Object[] userObj = params.get(ApiConstants.USERNAME);
             String username = userObj == null ? null : (String)userObj[0];
-            if (s_logger.isTraceEnabled()) {
+            if (LOGGER.isTraceEnabled()) {
                 String logCommand = saveLogString(command);
                 String logName = saveLogString(username);
-                s_logger.trace(String.format("command %s processing for user \"%s\"",
+                LOGGER.trace(String.format("command %s processing for user \"%s\"",
                         logCommand,
                         logName));
             }
@@ -238,25 +241,26 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
 
                         if (ApiServer.EnableSecureSessionCookie.value()) {
                             resp.setHeader("SET-COOKIE", String.format("JSESSIONID=%s;Secure;HttpOnly;Path=/client", session.getId()));
-                            if (s_logger.isDebugEnabled()) {
-                                s_logger.debug("Session cookie is marked secure!");
+                            if (LOGGER.isDebugEnabled()) {
+                                LOGGER.debug("Session cookie is marked secure!");
                             }
                         }
                     }
 
                     try {
-                        if (s_logger.isTraceEnabled()) {
-                            s_logger.trace(String.format("apiAuthenticator.authenticate(%s, params[%d], %s, %s, %s, %s, %s,%s)",
+                        if (LOGGER.isTraceEnabled()) {
+                            LOGGER.trace(String.format("apiAuthenticator.authenticate(%s, params[%d], %s, %s, %s, %s, %s,%s)",
                                     saveLogString(command), params.size(), session.getId(), remoteAddress.getHostAddress(), saveLogString(responseType), "auditTrailSb", "req", "resp"));
                         }
                         responseString = apiAuthenticator.authenticate(command, params, session, remoteAddress, responseType, auditTrailSb, req, resp);
                         if (session != null && session.getAttribute(ApiConstants.SESSIONKEY) != null) {
-                            resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly", ApiConstants.SESSIONKEY, session.getAttribute(ApiConstants.SESSIONKEY)));
+                            String sameSite = getApiSessionKeySameSite();
+                            resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;%s", ApiConstants.SESSIONKEY, session.getAttribute(ApiConstants.SESSIONKEY), sameSite));
                         }
                     } catch (ServerApiException e) {
                         httpResponseCode = e.getErrorCode().getHttpCode();
                         responseString = e.getMessage();
-                        s_logger.debug("Authentication failure: " + e.getMessage());
+                        LOGGER.debug("Authentication failure: " + e.getMessage());
                     }
 
                     if (apiAuthenticator.getAPIType() == APIAuthenticationType.LOGOUT_API) {
@@ -289,7 +293,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                     return;
                 }
             } else {
-                s_logger.trace("no command available");
+                LOGGER.trace("no command available");
             }
             auditTrailSb.append(cleanQueryString);
             final boolean isNew = ((session == null) ? true : session.isNew());
@@ -298,15 +302,15 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
             // we no longer rely on web-session here, verifyRequest will populate user/account information
             // if a API key exists
 
-            if (isNew && s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("new session: %s", session));
+            if (isNew && LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("new session: %s", session));
             }
 
             if (!isNew && (command.equalsIgnoreCase(ValidateUserTwoFactorAuthenticationCodeCmd.APINAME) || (!skip2FAcheckForAPIs(command) && !skip2FAcheckForUser(session)))) {
-                s_logger.debug("Verifying two factor authentication");
+                LOGGER.debug("Verifying two factor authentication");
                 boolean success = verify2FA(session, command, auditTrailSb, params, remoteAddress, responseType, req, resp);
                 if (!success) {
-                    s_logger.debug("Verification of two factor authentication failed");
+                    LOGGER.debug("Verification of two factor authentication failed");
                     return;
                 }
             }
@@ -319,8 +323,8 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                 if (account != null) {
                     if (invalidateHttpSessionIfNeeded(req, resp, auditTrailSb, responseType, params, session, account)) return;
                 } else {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("no account, this request will be validated through apikey(%s)/signature");
+                    if (LOGGER.isDebugEnabled()) {
+                        LOGGER.debug("no account, this request will be validated through apikey(%s)/signature");
                     }
                 }
 
@@ -330,8 +334,8 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                 CallContext.register(accountMgr.getSystemUser(), accountMgr.getSystemAccount());
             }
             setProjectContext(params);
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("verifying request for user %s from %s with %d parameters",
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("verifying request for user %s from %s with %d parameters",
                         userId, remoteAddress.getHostAddress(), params.size()));
             }
             if (apiServer.verifyRequest(params, userId, remoteAddress)) {
@@ -362,18 +366,34 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
             HttpUtils.writeHttpResponse(resp, serializedResponseText, se.getErrorCode().getHttpCode(), responseType, ApiServer.JSONcontentType.value());
             auditTrailSb.append(" " + se.getErrorCode() + " " + se.getDescription());
         } catch (final Exception ex) {
-            s_logger.error("unknown exception writing api response", ex);
+            LOGGER.error("unknown exception writing api response", ex);
             auditTrailSb.append(" unknown exception writing api response");
         } finally {
             s_accessLogger.info(auditTrailSb.toString());
-            if (s_logger.isDebugEnabled()) {
-                s_logger.debug("===END=== " + reqStr);
+            if (LOGGER.isDebugEnabled()) {
+                LOGGER.debug("===END=== " + reqStr);
             }
             // cleanup user context to prevent from being peeked in other request context
             CallContext.unregister();
         }
     }
 
+    public static String getApiSessionKeySameSite() {
+        ApiSessionKeySameSite sameSite = EnumUtils.getEnumIgnoreCase(ApiSessionKeySameSite.class,
+                ApiServer.ApiSessionKeyCookieSameSiteSetting.value(), ApiSessionKeySameSite.Lax);
+        switch (sameSite) {
+            case Strict:
+                return "SameSite=Strict";
+            case NoneAndSecure:
+                return "SameSite=None;Secure";
+            case Null:
+                return "";
+            case Lax:
+            default:
+                return "SameSite=Lax";
+        }
+    }
+
     private boolean checkIfAuthenticatorIsOf2FA(String command) {
         boolean verify2FA = false;
         APIAuthenticator apiAuthenticator = authManager.getAPIAuthenticator(command);
@@ -402,7 +422,7 @@ protected boolean skip2FAcheckForUser(HttpSession session) {
         Long userId = (Long) session.getAttribute("userid");
         boolean is2FAverified = (boolean) session.getAttribute(ApiConstants.IS_2FA_VERIFIED);
         if (is2FAverified) {
-            s_logger.debug(String.format("Two factor authentication is already verified for the user %d, so skipping", userId));
+            LOGGER.debug(String.format("Two factor authentication is already verified for the user %d, so skipping", userId));
             skip2FAcheck = true;
         } else {
             UserAccount userAccount = accountMgr.getUserAccountById(userId);
@@ -433,7 +453,7 @@ protected boolean verify2FA(HttpSession session, String command, StringBuilder a
                 HttpUtils.writeHttpResponse(resp, responseString, HttpServletResponse.SC_OK, responseType, ApiServer.JSONcontentType.value());
                 verify2FA = true;
             } else {
-                s_logger.error("Cannot find API authenticator while verifying 2FA");
+                LOGGER.error("Cannot find API authenticator while verifying 2FA");
                 auditTrailSb.append(" Cannot find API authenticator while verifying 2FA");
                 verify2FA = false;
             }
@@ -457,7 +477,7 @@ protected boolean verify2FA(HttpSession session, String command, StringBuilder a
                 errorMsg = "Two factor authentication is mandated by admin, user needs to setup 2FA using setupUserTwoFactorAuthentication API and" +
                         " then verify 2FA using validateUserTwoFactorAuthenticationCode API before calling other APIs. Existing session is invalidated.";
             }
-            s_logger.error(errorMsg);
+            LOGGER.error(errorMsg);
 
             invalidateHttpSession(session, String.format("Unable to process the API request for %s from %s due to %s", userId, remoteAddress.getHostAddress(), errorMsg));
             auditTrailSb.append(" " + ApiErrorCode.UNAUTHORIZED2FA + " " + errorMsg);
@@ -488,7 +508,7 @@ private String saveLogString(String stringToLog) {
     private boolean requestChecksoutAsSane(HttpServletResponse resp, StringBuilder auditTrailSb, String responseType, Map<String, Object[]> params, HttpSession session, String command, Long userId, String account, Object accountObj) {
         if ((userId != null) && (account != null) && (accountObj != null) && apiServer.verifyUser(userId)) {
             if (command == null) {
-                s_logger.info("missing command, ignoring request...");
+                LOGGER.info("missing command, ignoring request...");
                 auditTrailSb.append(" " + HttpServletResponse.SC_BAD_REQUEST + " " + "no command specified");
                 final String serializedResponse = apiServer.getSerializedApiError(HttpServletResponse.SC_BAD_REQUEST, "no command specified", params, responseType);
                 HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_BAD_REQUEST, responseType, ApiServer.JSONcontentType.value());
@@ -509,7 +529,9 @@ private boolean requestChecksoutAsSane(HttpServletResponse resp, StringBuilder a
     }
 
     private boolean invalidateHttpSessionIfNeeded(HttpServletRequest req, HttpServletResponse resp, StringBuilder auditTrailSb, String responseType, Map<String, Object[]> params, HttpSession session, String account) {
-        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
+        ApiSessionKeyCheckOption sessionKeyCheckOption = EnumUtils.getEnumIgnoreCase(ApiSessionKeyCheckOption.class,
+                ApiServer.ApiSessionKeyCheckLocations.value(), ApiSessionKeyCheckOption.CookieAndParameter);
+        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY, sessionKeyCheckOption)) {
             String msg = String.format("invalidating session %s for account %s", session.getId(), account);
             invalidateHttpSession(session, msg);
             auditTrailSb.append(" " + HttpServletResponse.SC_UNAUTHORIZED + " " + "unable to verify user credentials");
@@ -523,13 +545,13 @@ private boolean invalidateHttpSessionIfNeeded(HttpServletRequest req, HttpServle
 
     public static void invalidateHttpSession(HttpSession session, String msg) {
         try {
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(msg);
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(msg);
             }
             session.invalidate();
         } catch (final IllegalStateException ise) {
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("failed to invalidate session %s", session.getId()));
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("failed to invalidate session %s", session.getId()));
             }
         }
     }
@@ -537,7 +559,7 @@ public static void invalidateHttpSession(HttpSession session, String msg) {
     private void setProjectContext(Map<String, Object[]> requestParameters) {
         final String[] command = (String[])requestParameters.get(ApiConstants.COMMAND);
         if (command == null) {
-            s_logger.info("missing command, ignoring request...");
+            LOGGER.info("missing command, ignoring request...");
             return;
         }
 
@@ -585,14 +607,14 @@ public InetAddress getClientAddress(final HttpServletRequest request) throws Unk
                     header = header.trim();
                     ip = getCorrectIPAddress(request.getHeader(header));
                     if (StringUtils.isNotBlank(ip)) {
-                        s_logger.debug(String.format("found ip %s in header %s ", ip, header));
+                        LOGGER.debug(String.format("found ip %s in header %s ", ip, header));
                         break;
                     }
                 } // no address found in header so ip is blank and use remote addr
             } // else not an allowed proxy address, ip is blank and use remote addr
         }
         if (StringUtils.isBlank(ip)) {
-            s_logger.trace(String.format("no ip found in headers, returning remote address %s.", pretender.getHostAddress()));
+            LOGGER.trace(String.format("no ip found in headers, returning remote address %s.", pretender.getHostAddress()));
             return pretender;
         }
 
diff --git a/test/integration/smoke/test_login.py b/test/integration/smoke/test_login.py
index 40d8349a13da..acd6c4334ac4 100644
--- a/test/integration/smoke/test_login.py
+++ b/test/integration/smoke/test_login.py
@@ -133,6 +133,7 @@ def login_test_saml_user(self):
             args["command"] = 'listUsers'
             args["listall"] = 'true'
             args["response"] = "json"
+            args["sessionkey"] = response.json()['loginresponse']['sessionkey']
             response = session.get(self.server_url, params=args)
             self.assertEqual(
                 response.status_code,
diff --git a/ui/src/api/index.js b/ui/src/api/index.js
index 0d82a862528f..b65d59fa8744 100644
--- a/ui/src/api/index.js
+++ b/ui/src/api/index.js
@@ -15,8 +15,13 @@
 // specific language governing permissions and limitations
 // under the License.
 
+import Cookies from 'js-cookie'
 import { axios, sourceToken } from '@/utils/request'
 import { message, notification } from 'ant-design-vue'
+import { vueProps } from '@/vue-app'
+import {
+  ACCESS_TOKEN
+} from '@/store/mutation-types'
 
 export function api (command, args = {}, method = 'GET', data = {}) {
   let params = {}
@@ -30,6 +35,11 @@ export function api (command, args = {}, method = 'GET', data = {}) {
     })
   }
 
+  const sessionkey = vueProps.$localStorage.get(ACCESS_TOKEN) || Cookies.get('sessionkey')
+  if (sessionkey) {
+    args.sessionkey = sessionkey
+  }
+
   return axios({
     params: {
       ...args
diff --git a/ui/src/store/modules/user.js b/ui/src/store/modules/user.js
index 706653641f5c..43f938c8e7a8 100644
--- a/ui/src/store/modules/user.js
+++ b/ui/src/store/modules/user.js
@@ -24,7 +24,6 @@ import router from '@/router'
 import store from '@/store'
 import { login, logout, api } from '@/api'
 import { i18n } from '@/locales'
-import { sourceToken } from '@/utils/request'
 
 import {
   ACCESS_TOKEN,
diff --git a/utils/src/main/java/com/cloud/utils/HttpUtils.java b/utils/src/main/java/com/cloud/utils/HttpUtils.java
index a5d9f6a16b67..cc97bf4ba151 100644
--- a/utils/src/main/java/com/cloud/utils/HttpUtils.java
+++ b/utils/src/main/java/com/cloud/utils/HttpUtils.java
@@ -37,6 +37,14 @@ public class HttpUtils {
     public static final String JSON_CONTENT_TYPE = "application/json; charset=UTF-8";
     public static final String XML_CONTENT_TYPE = "text/xml; charset=UTF-8";
 
+    public enum ApiSessionKeySameSite {
+        Lax, Strict, NoneAndSecure, Null
+    }
+
+    public enum ApiSessionKeyCheckOption {
+        CookieOrParameter, ParameterOnly, CookieAndParameter
+    }
+
     public static void addSecurityHeaders(final HttpServletResponse resp) {
         if (resp.containsHeader("X-Content-Type-Options")) {
             resp.setHeader("X-Content-Type-Options", "nosniff");
@@ -103,23 +111,43 @@ public static String findCookie(final Cookie[] cookies, final String key) {
         return null;
     }
 
-    public static boolean validateSessionKey(final HttpSession session, final Map<String, Object[]> params, final Cookie[] cookies, final String sessionKeyString) {
+    public static boolean validateSessionKey(final HttpSession session, final Map<String, Object[]> params, final Cookie[] cookies, final String sessionKeyString, final ApiSessionKeyCheckOption apiSessionKeyCheckLocations) {
         if (session == null || sessionKeyString == null) {
             return false;
         }
+        final String jsessionidFromCookie = HttpUtils.findCookie(cookies, "JSESSIONID");
+        if (jsessionidFromCookie == null
+                || !(jsessionidFromCookie.startsWith(session.getId() + '.'))) {
+            s_logger.error("JSESSIONID from cookie is invalid.");
+            return false;
+        }
         final String sessionKey = (String) session.getAttribute(sessionKeyString);
+        if (sessionKey == null) {
+            s_logger.error("sessionkey attribute of the session is null.");
+            return false;
+        }
         final String sessionKeyFromCookie = HttpUtils.findCookie(cookies, sessionKeyString);
+        boolean isSessionKeyFromCookieValid = sessionKeyFromCookie != null && sessionKey.equals(sessionKeyFromCookie);
+
         String[] sessionKeyFromParams = null;
         if (params != null) {
             sessionKeyFromParams = (String[]) params.get(sessionKeyString);
         }
-        if ((sessionKey == null)
-                || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
-                || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
-                || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie))) {
-            return false;
+        boolean isSessionKeyFromParamsValid = sessionKeyFromParams != null && sessionKey.equals(sessionKeyFromParams[0]);
+
+        switch (apiSessionKeyCheckLocations) {
+            case CookieOrParameter:
+                return (sessionKeyFromCookie != null || sessionKeyFromParams != null)
+                        && (sessionKeyFromCookie == null || isSessionKeyFromCookieValid)
+                        && (sessionKeyFromParams == null || isSessionKeyFromParamsValid);
+            case ParameterOnly:
+                return sessionKeyFromParams != null && isSessionKeyFromParamsValid
+                        && (sessionKeyFromCookie == null || isSessionKeyFromCookieValid);
+            case CookieAndParameter:
+            default:
+                return sessionKeyFromCookie != null && isSessionKeyFromCookieValid
+                        && sessionKeyFromParams != null && isSessionKeyFromParamsValid;
         }
-        return true;
     }
 
 }
diff --git a/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java b/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
index e10a5a36b279..e94724ce3d63 100644
--- a/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
@@ -60,35 +60,97 @@ public void validateSessionKeyTest() {
         final String sessionKeyValue = "randomUniqueSessionID";
 
         // session and sessionKeyString null test
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         sessionKeyString =  "sessionkey";
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // param and cookie null test
         session = new MockHttpSession();
+        final String sessionId = session.getId();
         session.setAttribute(sessionKeyString, sessionKeyValue);
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
-        // param null, cookies not null test
+        // param null, cookies not null test (JSESSIONID is null)
         params = null;
         cookies = new Cookie[]{new Cookie(sessionKeyString, sessionKeyValue)};
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString"));
-        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // param null, cookies not null test (JSESSIONID is not null and matches)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // param null, cookies not null test (JSESSIONID is not null but mismatches)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", "node0xxxxxxxxxxxxx.node0");
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // param not null, cookies null test
         params = new HashMap<String, Object[]>();
         params.put(sessionKeyString, new String[]{"randomString"});
         cookies = null;
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
-        // both param and cookies not null test
+        // both param and cookies not null test (JSESSIONID is null)
         params = new HashMap<String, Object[]>();
-        cookies = new Cookie[]{new Cookie(sessionKeyString, sessionKeyValue)};
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
         params.put(sessionKeyString, new String[]{"incorrectValue"});
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // both param and cookies not null test (JSESSIONID is not null but mismatches)
+        params = new HashMap<String, Object[]>();
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", "node0xxxxxxxxxxxxx.node0");
+        params.put(sessionKeyString, new String[]{"incorrectValue"});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        params.put(sessionKeyString, new String[]{sessionKeyValue});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // both param and cookies not null test (JSESSIONID is not null amd matches)
+        params = new HashMap<String, Object[]>();
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        params.put(sessionKeyString, new String[]{"incorrectValue"});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        params.put(sessionKeyString, new String[]{sessionKeyValue});
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // param not null, cookies null test (JSESSIONID is not null amd matches)
+        params = new HashMap<String, Object[]>();
+        cookies = new Cookie[1];
+        cookies[0] = new Cookie("JSESSIONID", sessionId + ".node0");
+        params.put(sessionKeyString, new String[]{"incorrectValue"});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
+        params.put(sessionKeyString, new String[]{sessionKeyValue});
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
+
+        // param not null (correct), cookies not null test (correct)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
+
+        // param not null (correct), cookies not null test (wrong)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, "incorrectValue");
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
     }
 }

From 8830d3aea16e3d9f1ab73762c9127b80223660d8 Mon Sep 17 00:00:00 2001
From: Daniel Augusto Veronezi Salvador <gutoveronezi@apache.org>
Date: Tue, 17 Sep 2024 16:08:23 -0300
Subject: [PATCH 13/24] Fix Vue devServer after CSRF fix

---
 ui/vue.config.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ui/vue.config.js b/ui/vue.config.js
index 09f042385c75..0c56e7a95a34 100644
--- a/ui/vue.config.js
+++ b/ui/vue.config.js
@@ -141,7 +141,11 @@ const vueConfig = {
         secure: false,
         ws: false,
         changeOrigin: true,
-        proxyTimeout: 10 * 60 * 1000 // 10 minutes
+        proxyTimeout: 10 * 60 * 1000, // 10 minutes
+        cookieDomainRewrite: '*',
+        cookiePathRewrite: {
+          '/client': '/'
+        }
       }
     },
     https: process.env.HTTPS_KEY ? {

From 54b3519df120255cd43d5ad290ffa0e99a9547aa Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 3 Oct 2024 17:36:32 +0200
Subject: [PATCH 14/24] Updating pom.xml version numbers for release 4.18.2.4

Signed-off-by: Daan Hoogland <daan@onecht.net>
---
 agent/pom.xml                                               | 2 +-
 api/pom.xml                                                 | 2 +-
 client/pom.xml                                              | 2 +-
 core/pom.xml                                                | 2 +-
 debian/changelog                                            | 6 ++++++
 developer/pom.xml                                           | 2 +-
 engine/api/pom.xml                                          | 2 +-
 engine/components-api/pom.xml                               | 2 +-
 engine/orchestration/pom.xml                                | 2 +-
 engine/pom.xml                                              | 2 +-
 engine/schema/pom.xml                                       | 2 +-
 engine/service/pom.xml                                      | 2 +-
 engine/storage/cache/pom.xml                                | 2 +-
 engine/storage/configdrive/pom.xml                          | 2 +-
 engine/storage/datamotion/pom.xml                           | 2 +-
 engine/storage/image/pom.xml                                | 2 +-
 engine/storage/integration-test/pom.xml                     | 2 +-
 engine/storage/pom.xml                                      | 2 +-
 engine/storage/snapshot/pom.xml                             | 2 +-
 engine/storage/volume/pom.xml                               | 2 +-
 framework/agent-lb/pom.xml                                  | 2 +-
 framework/ca/pom.xml                                        | 2 +-
 framework/cluster/pom.xml                                   | 2 +-
 framework/config/pom.xml                                    | 2 +-
 framework/db/pom.xml                                        | 2 +-
 framework/direct-download/pom.xml                           | 4 ++--
 framework/events/pom.xml                                    | 2 +-
 framework/ipc/pom.xml                                       | 2 +-
 framework/jobs/pom.xml                                      | 2 +-
 framework/managed-context/pom.xml                           | 2 +-
 framework/pom.xml                                           | 2 +-
 framework/quota/pom.xml                                     | 2 +-
 framework/rest/pom.xml                                      | 2 +-
 framework/security/pom.xml                                  | 2 +-
 framework/spring/lifecycle/pom.xml                          | 2 +-
 framework/spring/module/pom.xml                             | 2 +-
 plugins/acl/dynamic-role-based/pom.xml                      | 2 +-
 plugins/acl/project-role-based/pom.xml                      | 2 +-
 plugins/acl/static-role-based/pom.xml                       | 2 +-
 .../affinity-group-processors/explicit-dedication/pom.xml   | 2 +-
 plugins/affinity-group-processors/host-affinity/pom.xml     | 2 +-
 .../affinity-group-processors/host-anti-affinity/pom.xml    | 2 +-
 .../non-strict-host-affinity/pom.xml                        | 2 +-
 .../non-strict-host-anti-affinity/pom.xml                   | 4 ++--
 plugins/alert-handlers/snmp-alerts/pom.xml                  | 2 +-
 plugins/alert-handlers/syslog-alerts/pom.xml                | 2 +-
 plugins/api/discovery/pom.xml                               | 2 +-
 plugins/api/rate-limit/pom.xml                              | 2 +-
 plugins/api/solidfire-intg-test/pom.xml                     | 2 +-
 plugins/api/vmware-sioc/pom.xml                             | 2 +-
 plugins/backup/dummy/pom.xml                                | 2 +-
 plugins/backup/networker/pom.xml                            | 2 +-
 plugins/backup/veeam/pom.xml                                | 2 +-
 plugins/ca/root-ca/pom.xml                                  | 2 +-
 plugins/database/mysql-ha/pom.xml                           | 2 +-
 plugins/database/quota/pom.xml                              | 2 +-
 plugins/dedicated-resources/pom.xml                         | 2 +-
 plugins/deployment-planners/implicit-dedication/pom.xml     | 2 +-
 plugins/deployment-planners/user-concentrated-pod/pom.xml   | 2 +-
 plugins/deployment-planners/user-dispersing/pom.xml         | 2 +-
 plugins/event-bus/inmemory/pom.xml                          | 2 +-
 plugins/event-bus/kafka/pom.xml                             | 2 +-
 plugins/event-bus/rabbitmq/pom.xml                          | 2 +-
 plugins/ha-planners/skip-heurestics/pom.xml                 | 2 +-
 plugins/host-allocators/random/pom.xml                      | 2 +-
 plugins/hypervisors/baremetal/pom.xml                       | 2 +-
 plugins/hypervisors/hyperv/pom.xml                          | 2 +-
 plugins/hypervisors/kvm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm3/pom.xml                            | 2 +-
 plugins/hypervisors/simulator/pom.xml                       | 2 +-
 plugins/hypervisors/ucs/pom.xml                             | 2 +-
 plugins/hypervisors/vmware/pom.xml                          | 2 +-
 plugins/hypervisors/xenserver/pom.xml                       | 2 +-
 plugins/integrations/cloudian/pom.xml                       | 2 +-
 plugins/integrations/kubernetes-service/pom.xml             | 2 +-
 plugins/integrations/prometheus/pom.xml                     | 2 +-
 plugins/metrics/pom.xml                                     | 2 +-
 plugins/network-elements/bigswitch/pom.xml                  | 2 +-
 plugins/network-elements/brocade-vcs/pom.xml                | 2 +-
 plugins/network-elements/cisco-vnmc/pom.xml                 | 2 +-
 plugins/network-elements/dns-notifier/pom.xml               | 2 +-
 plugins/network-elements/elastic-loadbalancer/pom.xml       | 2 +-
 plugins/network-elements/globodns/pom.xml                   | 2 +-
 plugins/network-elements/internal-loadbalancer/pom.xml      | 2 +-
 plugins/network-elements/juniper-contrail/pom.xml           | 2 +-
 plugins/network-elements/netscaler/pom.xml                  | 2 +-
 plugins/network-elements/nicira-nvp/pom.xml                 | 2 +-
 plugins/network-elements/opendaylight/pom.xml               | 2 +-
 plugins/network-elements/ovs/pom.xml                        | 2 +-
 plugins/network-elements/palo-alto/pom.xml                  | 2 +-
 plugins/network-elements/stratosphere-ssp/pom.xml           | 2 +-
 plugins/network-elements/tungsten/pom.xml                   | 2 +-
 plugins/network-elements/vxlan/pom.xml                      | 2 +-
 plugins/outofbandmanagement-drivers/ipmitool/pom.xml        | 2 +-
 .../outofbandmanagement-drivers/nested-cloudstack/pom.xml   | 2 +-
 plugins/outofbandmanagement-drivers/redfish/pom.xml         | 2 +-
 plugins/pom.xml                                             | 2 +-
 plugins/storage-allocators/random/pom.xml                   | 2 +-
 plugins/storage/image/default/pom.xml                       | 2 +-
 plugins/storage/image/s3/pom.xml                            | 2 +-
 plugins/storage/image/sample/pom.xml                        | 2 +-
 plugins/storage/image/swift/pom.xml                         | 2 +-
 plugins/storage/volume/cloudbyte/pom.xml                    | 2 +-
 plugins/storage/volume/datera/pom.xml                       | 2 +-
 plugins/storage/volume/default/pom.xml                      | 2 +-
 plugins/storage/volume/linstor/pom.xml                      | 2 +-
 plugins/storage/volume/nexenta/pom.xml                      | 2 +-
 plugins/storage/volume/sample/pom.xml                       | 2 +-
 plugins/storage/volume/scaleio/pom.xml                      | 2 +-
 plugins/storage/volume/solidfire/pom.xml                    | 2 +-
 plugins/storage/volume/storpool/pom.xml                     | 2 +-
 plugins/user-authenticators/ldap/pom.xml                    | 2 +-
 plugins/user-authenticators/md5/pom.xml                     | 2 +-
 plugins/user-authenticators/pbkdf2/pom.xml                  | 2 +-
 plugins/user-authenticators/plain-text/pom.xml              | 2 +-
 plugins/user-authenticators/saml2/pom.xml                   | 2 +-
 plugins/user-authenticators/sha256salted/pom.xml            | 2 +-
 plugins/user-two-factor-authenticators/static-pin/pom.xml   | 2 +-
 plugins/user-two-factor-authenticators/totp/pom.xml         | 2 +-
 pom.xml                                                     | 2 +-
 quickcloud/pom.xml                                          | 2 +-
 server/pom.xml                                              | 2 +-
 services/console-proxy/pom.xml                              | 2 +-
 services/console-proxy/rdpconsole/pom.xml                   | 2 +-
 services/console-proxy/server/pom.xml                       | 2 +-
 services/pom.xml                                            | 2 +-
 services/secondary-storage/controller/pom.xml               | 2 +-
 services/secondary-storage/pom.xml                          | 2 +-
 services/secondary-storage/server/pom.xml                   | 2 +-
 systemvm/pom.xml                                            | 2 +-
 test/pom.xml                                                | 2 +-
 tools/apidoc/pom.xml                                        | 2 +-
 tools/checkstyle/pom.xml                                    | 2 +-
 tools/devcloud-kvm/pom.xml                                  | 2 +-
 tools/devcloud4/pom.xml                                     | 2 +-
 tools/marvin/pom.xml                                        | 2 +-
 tools/pom.xml                                               | 2 +-
 usage/pom.xml                                               | 2 +-
 utils/pom.xml                                               | 2 +-
 vmware-base/pom.xml                                         | 2 +-
 141 files changed, 148 insertions(+), 142 deletions(-)

diff --git a/agent/pom.xml b/agent/pom.xml
index b362bcbcc9d6..eb2f381f0f5f 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/api/pom.xml b/api/pom.xml
index d46bd5436243..dfa03f1e63ba 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/client/pom.xml b/client/pom.xml
index 09771ba86595..2e2854d704e4 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <repositories>
         <repository>
diff --git a/core/pom.xml b/core/pom.xml
index 5e3d9ee7992b..3b4a56db6b87 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/debian/changelog b/debian/changelog
index 15c0d4f80cfd..5b77a4003867 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloudstack (4.18.2.4) unstable; urgency=low
+
+  * Update the version to 4.18.2.4
+
+ -- the Apache CloudStack project <dev@cloudstack.apache.org>  Thu, 03 Oct 2024 17:36:32 +0200
+
 cloudstack (4.18.2.3) unstable; urgency=low
 
   * Update the version to 4.18.2.3
diff --git a/developer/pom.xml b/developer/pom.xml
index 5cfe4a16069b..91d404c73e47 100644
--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/engine/api/pom.xml b/engine/api/pom.xml
index 028d90e55dee..4f50042a7a51 100644
--- a/engine/api/pom.xml
+++ b/engine/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml
index 4078ff51dc8f..1012785bf3fa 100644
--- a/engine/components-api/pom.xml
+++ b/engine/components-api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml
index a694409bb9d3..19388526bb56 100755
--- a/engine/orchestration/pom.xml
+++ b/engine/orchestration/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/pom.xml b/engine/pom.xml
index cc08eb6243a7..f33c5b1eb623 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index 71c2069a2f1e..84b278a44476 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/service/pom.xml b/engine/service/pom.xml
index b45196c2cc72..785354990195 100644
--- a/engine/service/pom.xml
+++ b/engine/service/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <artifactId>cloud-engine-service</artifactId>
     <packaging>war</packaging>
diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml
index 0a1dd195b572..be3ee3cfaec3 100644
--- a/engine/storage/cache/pom.xml
+++ b/engine/storage/cache/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/configdrive/pom.xml b/engine/storage/configdrive/pom.xml
index f0a303f83430..806b88b09924 100644
--- a/engine/storage/configdrive/pom.xml
+++ b/engine/storage/configdrive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml
index 4e61e1a4003a..424ceaa0f14e 100644
--- a/engine/storage/datamotion/pom.xml
+++ b/engine/storage/datamotion/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml
index 2627057ef0ad..1103c7db7dc2 100644
--- a/engine/storage/image/pom.xml
+++ b/engine/storage/image/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml
index 1200031d9e10..93cb378c348a 100644
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml
index 4a6e7c80939f..7c11d4cfc62a 100644
--- a/engine/storage/pom.xml
+++ b/engine/storage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml
index d3bdbfbe375d..46abf419ec55 100644
--- a/engine/storage/snapshot/pom.xml
+++ b/engine/storage/snapshot/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml
index 7ade6685521e..b0e804c4fdbf 100644
--- a/engine/storage/volume/pom.xml
+++ b/engine/storage/volume/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/agent-lb/pom.xml b/framework/agent-lb/pom.xml
index daf07ba057af..a6cfec61ab24 100644
--- a/framework/agent-lb/pom.xml
+++ b/framework/agent-lb/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/ca/pom.xml b/framework/ca/pom.xml
index 1cf04899cf9d..8254634359ae 100644
--- a/framework/ca/pom.xml
+++ b/framework/ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml
index e1b761d58d36..debcafccf589 100644
--- a/framework/cluster/pom.xml
+++ b/framework/cluster/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/config/pom.xml b/framework/config/pom.xml
index 545910f84b74..1834c30926e0 100644
--- a/framework/config/pom.xml
+++ b/framework/config/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/db/pom.xml b/framework/db/pom.xml
index 4ef8653c0cc7..1a6555f252ee 100644
--- a/framework/db/pom.xml
+++ b/framework/db/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/direct-download/pom.xml b/framework/direct-download/pom.xml
index 25496af3e5bd..3b142fc7c5f0 100644
--- a/framework/direct-download/pom.xml
+++ b/framework/direct-download/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-utils</artifactId>
-            <version>4.18.2.3</version>
+            <version>4.18.2.4</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/framework/events/pom.xml b/framework/events/pom.xml
index 7ba09b1a48ad..7724909d27e7 100644
--- a/framework/events/pom.xml
+++ b/framework/events/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml
index 5b54520f891d..a8d3a0484b6a 100644
--- a/framework/ipc/pom.xml
+++ b/framework/ipc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml
index 3650b9e6c6df..cdf04aecc717 100644
--- a/framework/jobs/pom.xml
+++ b/framework/jobs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml
index 454e79cf608d..c264f4d851fc 100644
--- a/framework/managed-context/pom.xml
+++ b/framework/managed-context/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/pom.xml b/framework/pom.xml
index 72ab32529451..e1e2f2a2c195 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <build>
         <plugins>
diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml
index bf7dcfc3e9c4..40f17ddef05c 100644
--- a/framework/quota/pom.xml
+++ b/framework/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml
index 9a25194eeff9..36f20ce5f873 100644
--- a/framework/rest/pom.xml
+++ b/framework/rest/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-framework-rest</artifactId>
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
index d13021aa0214..89433c4cf993 100644
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml
index 842fde12a352..919ae71f4c0b 100644
--- a/framework/spring/lifecycle/pom.xml
+++ b/framework/spring/lifecycle/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml
index ae0eb3950970..0e1ef38b9358 100644
--- a/framework/spring/module/pom.xml
+++ b/framework/spring/module/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/acl/dynamic-role-based/pom.xml b/plugins/acl/dynamic-role-based/pom.xml
index 5896cf7e8e73..7fc46f852e56 100644
--- a/plugins/acl/dynamic-role-based/pom.xml
+++ b/plugins/acl/dynamic-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/project-role-based/pom.xml b/plugins/acl/project-role-based/pom.xml
index 2ceb238e6d2c..a0fd473efa88 100644
--- a/plugins/acl/project-role-based/pom.xml
+++ b/plugins/acl/project-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml
index b4244b445422..ca1c152e321b 100644
--- a/plugins/acl/static-role-based/pom.xml
+++ b/plugins/acl/static-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml
index f5a47a5321f1..c31d5e5decf9 100644
--- a/plugins/affinity-group-processors/explicit-dedication/pom.xml
+++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-affinity/pom.xml b/plugins/affinity-group-processors/host-affinity/pom.xml
index 5074481484d1..d8080cd45f11 100644
--- a/plugins/affinity-group-processors/host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
index a6cd86fc710c..d292cd60df43 100644
--- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
index bec4e1bd2de4..9d3a83040118 100644
--- a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
index 1df6b7b24b2f..fcabc6ccf5af 100644
--- a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
@@ -25,14 +25,14 @@
         <dependency>
             <groupId>org.apache.cloudstack</groupId>
             <artifactId>cloud-plugin-non-strict-host-affinity</artifactId>
-            <version>4.18.2.3</version>
+            <version>4.18.2.4</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml
index a49940a803d1..96c0b3e0905a 100644
--- a/plugins/alert-handlers/snmp-alerts/pom.xml
+++ b/plugins/alert-handlers/snmp-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml
index 0531e67cba21..4eaf1810c24b 100644
--- a/plugins/alert-handlers/syslog-alerts/pom.xml
+++ b/plugins/alert-handlers/syslog-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml
index 8b42abdb6b74..bb5de14b73de 100644
--- a/plugins/api/discovery/pom.xml
+++ b/plugins/api/discovery/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml
index 7e9f4bdf70b4..fa0ee726ebaf 100644
--- a/plugins/api/rate-limit/pom.xml
+++ b/plugins/api/rate-limit/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml
index cc570a632243..5614b35052e3 100644
--- a/plugins/api/solidfire-intg-test/pom.xml
+++ b/plugins/api/solidfire-intg-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/vmware-sioc/pom.xml b/plugins/api/vmware-sioc/pom.xml
index 001fc83df9b2..23c1d9370ee9 100644
--- a/plugins/api/vmware-sioc/pom.xml
+++ b/plugins/api/vmware-sioc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/dummy/pom.xml b/plugins/backup/dummy/pom.xml
index 0faffad3950c..77d7f0d34cc2 100644
--- a/plugins/backup/dummy/pom.xml
+++ b/plugins/backup/dummy/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/networker/pom.xml b/plugins/backup/networker/pom.xml
index 6e409a62364a..63afdbb0cc06 100644
--- a/plugins/backup/networker/pom.xml
+++ b/plugins/backup/networker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/veeam/pom.xml b/plugins/backup/veeam/pom.xml
index 0fe626181827..b5873bba2eaa 100644
--- a/plugins/backup/veeam/pom.xml
+++ b/plugins/backup/veeam/pom.xml
@@ -23,7 +23,7 @@
   <parent>
     <artifactId>cloudstack-plugins</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.18.2.3</version>
+    <version>4.18.2.4</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
 
diff --git a/plugins/ca/root-ca/pom.xml b/plugins/ca/root-ca/pom.xml
index 7b955d17c442..ddba4582e0f3 100644
--- a/plugins/ca/root-ca/pom.xml
+++ b/plugins/ca/root-ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml
index 2eab555fae29..d17caf67e725 100644
--- a/plugins/database/mysql-ha/pom.xml
+++ b/plugins/database/mysql-ha/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml
index 73b50bd94b13..dbfe93e3f2d7 100644
--- a/plugins/database/quota/pom.xml
+++ b/plugins/database/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml
index 4d09b267ab5e..fef2d32d18ed 100644
--- a/plugins/dedicated-resources/pom.xml
+++ b/plugins/dedicated-resources/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml
index 45df9b2a060e..b6ada87d886c 100644
--- a/plugins/deployment-planners/implicit-dedication/pom.xml
+++ b/plugins/deployment-planners/implicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml
index a344bf560a58..4bae3ae8d5a7 100644
--- a/plugins/deployment-planners/user-concentrated-pod/pom.xml
+++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml
index e2fa1d388399..7006561ae546 100644
--- a/plugins/deployment-planners/user-dispersing/pom.xml
+++ b/plugins/deployment-planners/user-dispersing/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml
index 973de93479e2..82a71aed2da1 100644
--- a/plugins/event-bus/inmemory/pom.xml
+++ b/plugins/event-bus/inmemory/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml
index b8640be047a7..597319435c26 100644
--- a/plugins/event-bus/kafka/pom.xml
+++ b/plugins/event-bus/kafka/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml
index 76831c8e68cb..e0bc0d06273d 100644
--- a/plugins/event-bus/rabbitmq/pom.xml
+++ b/plugins/event-bus/rabbitmq/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml
index edfb68b6392f..de2ab5c01887 100644
--- a/plugins/ha-planners/skip-heurestics/pom.xml
+++ b/plugins/ha-planners/skip-heurestics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml
index 57ccc867d9c0..38a9b7e37aa8 100644
--- a/plugins/host-allocators/random/pom.xml
+++ b/plugins/host-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml
index 57c3e26fdcb7..82556cfc1e8b 100755
--- a/plugins/hypervisors/baremetal/pom.xml
+++ b/plugins/hypervisors/baremetal/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-baremetal</artifactId>
diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml
index 90e9f99fbdb8..275248714e68 100644
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml
index 1bbd8ab6d0d6..8f703852e293 100644
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml
index 6a749fc87692..dcf3d4a135a7 100644
--- a/plugins/hypervisors/ovm/pom.xml
+++ b/plugins/hypervisors/ovm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml
index 790c779047b9..9a7297b780e9 100644
--- a/plugins/hypervisors/ovm3/pom.xml
+++ b/plugins/hypervisors/ovm3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml
index 4cc2b89e44d5..f7ae06ff446b 100644
--- a/plugins/hypervisors/simulator/pom.xml
+++ b/plugins/hypervisors/simulator/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-simulator</artifactId>
diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml
index 3007e121eaaf..70de1a263c48 100644
--- a/plugins/hypervisors/ucs/pom.xml
+++ b/plugins/hypervisors/ucs/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-ucs</artifactId>
diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml
index e225e7fc7466..028b5f0de4e4 100644
--- a/plugins/hypervisors/vmware/pom.xml
+++ b/plugins/hypervisors/vmware/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml
index 21579c8994ef..1c2ca64b0fcd 100644
--- a/plugins/hypervisors/xenserver/pom.xml
+++ b/plugins/hypervisors/xenserver/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/cloudian/pom.xml b/plugins/integrations/cloudian/pom.xml
index f2d8bc1c8afa..9c398d850719 100644
--- a/plugins/integrations/cloudian/pom.xml
+++ b/plugins/integrations/cloudian/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
index b4a97833b4cc..f415228d7a03 100644
--- a/plugins/integrations/kubernetes-service/pom.xml
+++ b/plugins/integrations/kubernetes-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/prometheus/pom.xml b/plugins/integrations/prometheus/pom.xml
index d5420bdfae03..964d18f11805 100644
--- a/plugins/integrations/prometheus/pom.xml
+++ b/plugins/integrations/prometheus/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/metrics/pom.xml b/plugins/metrics/pom.xml
index 401e4c5715a3..c8fbd36ec575 100644
--- a/plugins/metrics/pom.xml
+++ b/plugins/metrics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml
index 5613e1d0ece6..f1df10486373 100644
--- a/plugins/network-elements/bigswitch/pom.xml
+++ b/plugins/network-elements/bigswitch/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml
index 36b7774a7b4c..93e1855e3204 100644
--- a/plugins/network-elements/brocade-vcs/pom.xml
+++ b/plugins/network-elements/brocade-vcs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
index 767c1db915ca..b2b7be62bd5d 100644
--- a/plugins/network-elements/cisco-vnmc/pom.xml
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml
index bdf790b26722..98789cb85b1e 100644
--- a/plugins/network-elements/dns-notifier/pom.xml
+++ b/plugins/network-elements/dns-notifier/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-example-dns-notifier</artifactId>
diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml
index cdd257c15901..8b364dd2c5f2 100644
--- a/plugins/network-elements/elastic-loadbalancer/pom.xml
+++ b/plugins/network-elements/elastic-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml
index 520aa310fe12..b41e4b5a01e5 100644
--- a/plugins/network-elements/globodns/pom.xml
+++ b/plugins/network-elements/globodns/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml
index 9e69680a9513..84ae12f4a2d3 100644
--- a/plugins/network-elements/internal-loadbalancer/pom.xml
+++ b/plugins/network-elements/internal-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml
index c843674075cf..d332894257b2 100644
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <repositories>
diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml
index 16dfd1ebf4da..08653bf6bb33 100644
--- a/plugins/network-elements/netscaler/pom.xml
+++ b/plugins/network-elements/netscaler/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml
index 08bd8a0f4ed7..cce2583f8acc 100644
--- a/plugins/network-elements/nicira-nvp/pom.xml
+++ b/plugins/network-elements/nicira-nvp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml
index 34eb632b88f3..676e2a374cec 100644
--- a/plugins/network-elements/opendaylight/pom.xml
+++ b/plugins/network-elements/opendaylight/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <profiles>
diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml
index d6256cc77948..0dd94fcde45d 100644
--- a/plugins/network-elements/ovs/pom.xml
+++ b/plugins/network-elements/ovs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
index cad5d3d9fc63..b40d91fbfc42 100644
--- a/plugins/network-elements/palo-alto/pom.xml
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml
index 4abb8622205f..4b0195ec670b 100644
--- a/plugins/network-elements/stratosphere-ssp/pom.xml
+++ b/plugins/network-elements/stratosphere-ssp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/tungsten/pom.xml b/plugins/network-elements/tungsten/pom.xml
index 581c09d412cf..e3a1f5635e6a 100644
--- a/plugins/network-elements/tungsten/pom.xml
+++ b/plugins/network-elements/tungsten/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml
index c29da64710d7..bf05e1ecfa9f 100644
--- a/plugins/network-elements/vxlan/pom.xml
+++ b/plugins/network-elements/vxlan/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
index b3df88c276cd..8725f6e5f390 100644
--- a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
+++ b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
index e12de629a974..526d6926ac23 100644
--- a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
+++ b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/redfish/pom.xml b/plugins/outofbandmanagement-drivers/redfish/pom.xml
index 5f7590a73ce3..6d42bfbf16ea 100644
--- a/plugins/outofbandmanagement-drivers/redfish/pom.xml
+++ b/plugins/outofbandmanagement-drivers/redfish/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 76d621000f80..766d9ccaa70d 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <build>
         <plugins>
diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml
index 89f3b8ad2c67..46a32004d99c 100644
--- a/plugins/storage-allocators/random/pom.xml
+++ b/plugins/storage-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml
index e14ff6dafa36..2abb8fd3146b 100644
--- a/plugins/storage/image/default/pom.xml
+++ b/plugins/storage/image/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml
index f6603ab4b0d3..769e1bbc1eef 100644
--- a/plugins/storage/image/s3/pom.xml
+++ b/plugins/storage/image/s3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml
index 1acd92cc1b12..700fdf8d8ca3 100644
--- a/plugins/storage/image/sample/pom.xml
+++ b/plugins/storage/image/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml
index b06c99aaf253..6d8c6fa16239 100644
--- a/plugins/storage/image/swift/pom.xml
+++ b/plugins/storage/image/swift/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml
index 85f9aec67148..4e5d81e30aa9 100644
--- a/plugins/storage/volume/cloudbyte/pom.xml
+++ b/plugins/storage/volume/cloudbyte/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/datera/pom.xml b/plugins/storage/volume/datera/pom.xml
index 283b42239e47..4f5c9dcc57c2 100644
--- a/plugins/storage/volume/datera/pom.xml
+++ b/plugins/storage/volume/datera/pom.xml
@@ -16,7 +16,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack-plugins</artifactId>
-    <version>4.18.2.3</version>
+    <version>4.18.2.4</version>
     <relativePath>../../../pom.xml</relativePath>
   </parent>
   <dependencies>
diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml
index 33546ea11938..6aee9311a303 100644
--- a/plugins/storage/volume/default/pom.xml
+++ b/plugins/storage/volume/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/linstor/pom.xml b/plugins/storage/volume/linstor/pom.xml
index 4304c932bab9..2f7cae34a2e4 100644
--- a/plugins/storage/volume/linstor/pom.xml
+++ b/plugins/storage/volume/linstor/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml
index a5b88169e824..5ddf420c3b31 100644
--- a/plugins/storage/volume/nexenta/pom.xml
+++ b/plugins/storage/volume/nexenta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml
index 558ce8c1cce5..36420003f803 100644
--- a/plugins/storage/volume/sample/pom.xml
+++ b/plugins/storage/volume/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/scaleio/pom.xml b/plugins/storage/volume/scaleio/pom.xml
index a959578fb35b..8a14de3f262e 100644
--- a/plugins/storage/volume/scaleio/pom.xml
+++ b/plugins/storage/volume/scaleio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml
index ae01b5c14297..108c10f0c486 100644
--- a/plugins/storage/volume/solidfire/pom.xml
+++ b/plugins/storage/volume/solidfire/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/storpool/pom.xml b/plugins/storage/volume/storpool/pom.xml
index ee6684021989..6db335261b15 100644
--- a/plugins/storage/volume/storpool/pom.xml
+++ b/plugins/storage/volume/storpool/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index 7a6ed59ce532..7d8128bcdc41 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml
index 58a4a40fc939..5d94de176cbf 100644
--- a/plugins/user-authenticators/md5/pom.xml
+++ b/plugins/user-authenticators/md5/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml
index 4ea946af22fa..839dcd545ccc 100644
--- a/plugins/user-authenticators/pbkdf2/pom.xml
+++ b/plugins/user-authenticators/pbkdf2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml
index a2201dc011d8..032cc315c26d 100644
--- a/plugins/user-authenticators/plain-text/pom.xml
+++ b/plugins/user-authenticators/plain-text/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index 8caf4d085eff..012204f00d8d 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml
index 2813c96146c6..53db53f3c207 100644
--- a/plugins/user-authenticators/sha256salted/pom.xml
+++ b/plugins/user-authenticators/sha256salted/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/static-pin/pom.xml b/plugins/user-two-factor-authenticators/static-pin/pom.xml
index 6e1a9a3ac7ca..824cd50f5629 100644
--- a/plugins/user-two-factor-authenticators/static-pin/pom.xml
+++ b/plugins/user-two-factor-authenticators/static-pin/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/plugins/user-two-factor-authenticators/totp/pom.xml b/plugins/user-two-factor-authenticators/totp/pom.xml
index 818aedaebafa..54bc2c9817a5 100644
--- a/plugins/user-two-factor-authenticators/totp/pom.xml
+++ b/plugins/user-two-factor-authenticators/totp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index df6552268f36..1c74bef8524a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.18.2.3</version>
+    <version>4.18.2.4</version>
     <packaging>pom</packaging>
     <name>Apache CloudStack</name>
     <description>Apache CloudStack is an IaaS ("Infrastructure as a Service") cloud orchestration platform.</description>
diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml
index 5fdf7d550133..20ecb47603df 100644
--- a/quickcloud/pom.xml
+++ b/quickcloud/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/server/pom.xml b/server/pom.xml
index ddbfbb7516c6..e41e4c90ef82 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <repositories>
         <repository>
diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml
index a92d715a0fc5..2d3b5c94ba98 100644
--- a/services/console-proxy/pom.xml
+++ b/services/console-proxy/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
index 16160cbaa3ee..06a8a5c71e20 100644
--- a/services/console-proxy/rdpconsole/pom.xml
+++ b/services/console-proxy/rdpconsole/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml
index 268486f07422..36b54877a475 100644
--- a/services/console-proxy/server/pom.xml
+++ b/services/console-proxy/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/pom.xml b/services/pom.xml
index a8b1965c7718..4568ec8ab910 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml
index bc109479172b..b6ec6cb4afa4 100644
--- a/services/secondary-storage/controller/pom.xml
+++ b/services/secondary-storage/controller/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml
index 3aaf2b84e8e9..388ad8fa20be 100644
--- a/services/secondary-storage/pom.xml
+++ b/services/secondary-storage/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml
index 07ef8174c007..ed9842256d2e 100644
--- a/services/secondary-storage/server/pom.xml
+++ b/services/secondary-storage/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/systemvm/pom.xml b/systemvm/pom.xml
index 1320e74d6907..583b62daca7b 100644
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/test/pom.xml b/test/pom.xml
index c9d75a3a5c92..f1a30a5f7187 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml
index 2927b2503055..dc0a4ba74c81 100644
--- a/tools/apidoc/pom.xml
+++ b/tools/apidoc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml
index 5c625773cbee..1af9e8b31761 100644
--- a/tools/checkstyle/pom.xml
+++ b/tools/checkstyle/pom.xml
@@ -22,7 +22,7 @@
     <name>Apache CloudStack Developer Tools - Checkstyle Configuration</name>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>checkstyle</artifactId>
-    <version>4.18.2.3</version>
+    <version>4.18.2.4</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml
index 8d6ab4a51360..0eb536f9243e 100644
--- a/tools/devcloud-kvm/pom.xml
+++ b/tools/devcloud-kvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml
index aaea539644e2..85a79593a6e7 100644
--- a/tools/devcloud4/pom.xml
+++ b/tools/devcloud4/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml
index e18fbaf44196..694381c29587 100644
--- a/tools/marvin/pom.xml
+++ b/tools/marvin/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/pom.xml b/tools/pom.xml
index f1b315df7b65..5ad0a53cd66a 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/usage/pom.xml b/usage/pom.xml
index b8678204fba2..02e6b6024e12 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/utils/pom.xml b/utils/pom.xml
index a5c058c90f5b..6f9ec98c6c88 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml
index 5c6707f1c19a..def5b04f0909 100644
--- a/vmware-base/pom.xml
+++ b/vmware-base/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.18.2.3</version>
+        <version>4.18.2.4</version>
     </parent>
     <dependencies>
         <dependency>

From 8a2f6528f1ebfc3fd4b8fddcf06628f4f5a45126 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 28 Aug 2024 15:22:29 +0200
Subject: [PATCH 15/24] Session Token Invalidation on Logout

---
 .../main/java/com/cloud/api/ApiServlet.java   | 27 ++++++++++---------
 ui/src/api/index.js                           |  1 -
 ui/src/store/modules/user.js                  | 11 ++++----
 3 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/server/src/main/java/com/cloud/api/ApiServlet.java b/server/src/main/java/com/cloud/api/ApiServlet.java
index f6f46419c049..e719238afef1 100644
--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -260,19 +260,22 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                     }
 
                     if (apiAuthenticator.getAPIType() == APIAuthenticationType.LOGOUT_API) {
-                        if (session != null) {
-                            final Long userId = (Long) session.getAttribute("userid");
-                            final Account account = (Account) session.getAttribute("accountobj");
-                            Long accountId = null;
-                            if (account != null) {
-                                accountId = account.getId();
-                            }
-                            auditTrailSb.insert(0, "(userId=" + userId + " accountId=" + accountId + " sessionId=" + session.getId() + ")");
-                            if (userId != null) {
-                                apiServer.logoutUser(userId);
-                            }
-                            invalidateHttpSession(session, "invalidating session after logout call");
+                        if (session == null) {
+                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Session not found for the logout process.");
                         }
+
+                        final Long userId = (Long) session.getAttribute("userid");
+                        final Account account = (Account) session.getAttribute("accountobj");
+                        Long accountId = null;
+                        if (account != null) {
+                            accountId = account.getId();
+                        }
+                        auditTrailSb.insert(0, "(userId=" + userId + " accountId=" + accountId + " sessionId=" + session.getId() + ")");
+                        if (userId != null) {
+                            apiServer.logoutUser(userId);
+                        }
+                        invalidateHttpSession(session, "invalidating session after logout call");
+
                         final Cookie[] cookies = req.getCookies();
                         if (cookies != null) {
                             for (final Cookie cookie : cookies) {
diff --git a/ui/src/api/index.js b/ui/src/api/index.js
index 1db416612766..144320107385 100644
--- a/ui/src/api/index.js
+++ b/ui/src/api/index.js
@@ -65,7 +65,6 @@ export function login (arg) {
 }
 
 export function logout () {
-  sourceToken.cancel()
   message.destroy()
   notification.destroy()
   return api('logout')
diff --git a/ui/src/store/modules/user.js b/ui/src/store/modules/user.js
index fb5b6ff5e0bb..08a0c340c642 100644
--- a/ui/src/store/modules/user.js
+++ b/ui/src/store/modules/user.js
@@ -24,6 +24,7 @@ import router from '@/router'
 import store from '@/store'
 import { oauthlogin, login, logout, api } from '@/api'
 import { i18n } from '@/locales'
+import { sourceToken } from '@/utils/request'
 
 import {
   ACCESS_TOKEN,
@@ -374,11 +375,6 @@ const user = {
           cloudianUrl = state.cloudian.url + 'logout.htm?redirect=' + encodeURIComponent(window.location.href)
         }
 
-        Object.keys(Cookies.get()).forEach(cookieName => {
-          Cookies.remove(cookieName)
-          Cookies.remove(cookieName, { path: '/client' })
-        })
-
         commit('SET_TOKEN', '')
         commit('SET_APIS', {})
         commit('SET_PROJECT', {})
@@ -406,6 +402,11 @@ const user = {
           }
         }).catch(() => {
           resolve()
+        }).finally(() => {
+          Object.keys(Cookies.get()).forEach(cookieName => {
+            Cookies.remove(cookieName)
+            Cookies.remove(cookieName, { path: '/client' })
+          })
         })
       })
     },

From 123b426c16cf4fcadc30f55e8b7fd1a5d60bd09b Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 20 Aug 2024 15:12:54 +0200
Subject: [PATCH 16/24] fix quota resource access validation

---
 .../java/com/cloud/user/AccountService.java   |   2 +
 .../api/command/QuotaBalanceCmd.java          |  13 +-
 .../api/command/QuotaCreditsCmd.java          |   6 +
 .../api/command/QuotaStatementCmd.java        |   6 +
 .../management/MockAccountManager.java        |   5 +
 .../api/dispatch/ParamProcessWorker.java      |  57 ++++----
 .../com/cloud/user/AccountManagerImpl.java    |  14 ++
 .../api/dispatch/ParamProcessWorkerTest.java  | 129 +++++++++++++++---
 .../cloud/user/MockAccountManagerImpl.java    |   5 +
 9 files changed, 187 insertions(+), 50 deletions(-)

diff --git a/api/src/main/java/com/cloud/user/AccountService.java b/api/src/main/java/com/cloud/user/AccountService.java
index 63f5455cfd09..60db7abb7346 100644
--- a/api/src/main/java/com/cloud/user/AccountService.java
+++ b/api/src/main/java/com/cloud/user/AccountService.java
@@ -116,6 +116,8 @@ User createUser(String userName, String password, String firstName, String lastN
 
     void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName, ControlledEntity... entities) throws PermissionDeniedException;
 
+    void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource);
+
     Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
 
     /**
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java
index f4e248855fd0..ecb6531d0cf1 100644
--- a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java
+++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java
@@ -21,6 +21,8 @@
 
 import javax.inject.Inject;
 
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.ACL;
 import org.apache.log4j.Logger;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@@ -42,6 +44,7 @@ public class QuotaBalanceCmd extends BaseCmd {
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, required = true, description = "Account Id for which statement needs to be generated")
     private String accountName;
 
+    @ACL
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class, description = "If domain Id is given and the caller is domain admin then the statement is generated for domain.")
     private Long domainId;
 
@@ -51,6 +54,7 @@ public class QuotaBalanceCmd extends BaseCmd {
     @Parameter(name = ApiConstants.START_DATE, type = CommandType.DATE, description = "Start date range quota query. Use yyyy-MM-dd as the date format, e.g. startDate=2009-06-01.")
     private Date startDate;
 
+    @ACL
     @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "List usage records for the specified account")
     private Long accountId;
 
@@ -104,7 +108,14 @@ public void setStartDate(Date startDate) {
 
     @Override
     public long getEntityOwnerId() {
-       return _accountService.getActiveAccountByName(accountName, domainId).getAccountId();
+        if (accountId != null) {
+            return accountId;
+        }
+        Account account = _accountService.getActiveAccountByName(accountName, domainId);
+        if (account != null) {
+            return account.getAccountId();
+        }
+        return Account.ACCOUNT_ID_SYSTEM;
     }
 
     @Override
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java
index c47c0ad2d763..e83d52f94f41 100644
--- a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java
+++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaCreditsCmd.java
@@ -18,6 +18,7 @@
 
 import com.cloud.user.Account;
 
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -48,6 +49,7 @@ public class QuotaCreditsCmd extends BaseCmd {
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, required = true, description = "Account Id for which quota credits need to be added")
     private String accountName;
 
+    @ACL
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class, description = "Domain for which quota credits need to be added")
     private Long domainId;
 
@@ -132,6 +134,10 @@ public void execute() {
 
     @Override
     public long getEntityOwnerId() {
+        Account account = _accountService.getActiveAccountByName(accountName, domainId);
+        if (account != null) {
+            return account.getAccountId();
+        }
         return Account.ACCOUNT_ID_SYSTEM;
     }
 
diff --git a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java
index 4d1c233c37a3..3219ba1448fc 100644
--- a/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java
+++ b/plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaStatementCmd.java
@@ -21,6 +21,7 @@
 
 import javax.inject.Inject;
 
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseCmd;
@@ -44,6 +45,7 @@ public class QuotaStatementCmd extends BaseCmd {
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, required = true, description = "Optional, Account Id for which statement needs to be generated")
     private String accountName;
 
+    @ACL
     @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class, description = "Optional, If domain Id is given and the caller is domain admin then the statement is generated for domain.")
     private Long domainId;
 
@@ -56,6 +58,7 @@ public class QuotaStatementCmd extends BaseCmd {
     @Parameter(name = ApiConstants.TYPE, type = CommandType.INTEGER, description = "List quota usage records for the specified usage type")
     private Integer usageType;
 
+    @ACL
     @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "List usage records for the specified account")
     private Long accountId;
 
@@ -112,6 +115,9 @@ public void setStartDate(Date startDate) {
 
     @Override
     public long getEntityOwnerId() {
+        if (accountId != null) {
+            return accountId;
+        }
         Account activeAccountByName = _accountService.getActiveAccountByName(accountName, domainId);
         if (activeAccountByName != null) {
             return activeAccountByName.getAccountId();
diff --git a/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
index 67cfe1df3e1b..a3fac2c8be92 100644
--- a/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -451,6 +451,11 @@ public void checkAccess(Account account, AccessType accessType, boolean sameOwne
         // TODO Auto-generated method stub
     }
 
+    @Override
+    public void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource) {
+        // TODO Auto-generated method stub
+    }
+
     @Override
     public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
         // TODO Auto-generated method stub
diff --git a/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java b/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java
index 9f07db4b033b..b11a5282e627 100644
--- a/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java
+++ b/server/src/main/java/com/cloud/api/dispatch/ParamProcessWorker.java
@@ -32,8 +32,6 @@
 
 import javax.inject.Inject;
 
-import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.InfrastructureEntity;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
@@ -288,40 +286,43 @@ public void processParameters(final BaseCmd cmd, final Map params) {
         doAccessChecks(cmd, entitiesToAccess);
     }
 
-    private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
+    protected void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
+        Account[] owners = getEntityOwners(cmd);
+
         Account caller = CallContext.current().getCallingAccount();
+        if (cmd instanceof BaseAsyncCreateCmd) {
+            // check that caller can access the owner account.
+            _accountMgr.checkAccess(caller, null, false, owners);
+        }
+
+        checkCallerAccessToEntities(caller, owners, entitiesToAccess);
+    }
+
+    protected Account[] getEntityOwners(BaseCmd cmd) {
         List<Long> entityOwners = cmd.getEntityOwnerIds();
-        Account[] owners = null;
         if (entityOwners != null) {
-            owners = entityOwners.stream().map(id -> _accountMgr.getAccount(id)).toArray(Account[]::new);
+            return entityOwners.stream().map(id -> _accountMgr.getAccount(id)).toArray(Account[]::new);
+        }
+
+        if (cmd.getEntityOwnerId() == Account.ACCOUNT_ID_SYSTEM && cmd instanceof BaseAsyncCmd && cmd.getApiResourceType() == ApiCommandResourceType.Network) {
+            s_logger.debug("Skipping access check on the network owner if the owner is ROOT/system.");
         } else {
-            if (cmd.getEntityOwnerId() == Account.ACCOUNT_ID_SYSTEM && cmd instanceof BaseAsyncCmd && ((BaseAsyncCmd)cmd).getApiResourceType() == ApiCommandResourceType.Network) {
-                if (s_logger.isDebugEnabled()) {
-                    s_logger.debug("Skipping access check on the network owner if the owner is ROOT/system.");
-                }
-                owners = new Account[]{};
-            } else {
-                owners = new Account[]{_accountMgr.getAccount(cmd.getEntityOwnerId())};
+            Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
+            if (owner != null) {
+                return new Account[]{owner};
             }
         }
+        return new Account[]{};
+    }
 
-        if (cmd instanceof BaseAsyncCreateCmd) {
-            // check that caller can access the owner account.
-            _accountMgr.checkAccess(caller, null, false, owners);
+    protected void checkCallerAccessToEntities(Account caller, Account[] owners, Map<Object, AccessType> entitiesToAccess) {
+        if (entitiesToAccess.isEmpty()) {
+            return;
         }
-
-        if (!entitiesToAccess.isEmpty()) {
-            // check that caller can access the owner account.
-            _accountMgr.checkAccess(caller, null, false, owners);
-            for (Map.Entry<Object,AccessType>entry : entitiesToAccess.entrySet()) {
-                Object entity = entry.getKey();
-                if (entity instanceof ControlledEntity) {
-                    _accountMgr.checkAccess(caller, entry.getValue(), true, (ControlledEntity) entity);
-                } else if (entity instanceof InfrastructureEntity) {
-                    // FIXME: Move this code in adapter, remove code from
-                    // Account manager
-                }
-            }
+        _accountMgr.checkAccess(caller, null, false, owners);
+        for (Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) {
+            Object entity = entry.getKey();
+            _accountMgr.validateAccountHasAccessToResource(caller, entry.getValue(), entity);
         }
     }
 
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
index 0a0d9265ac48..c7ceb00cb575 100644
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -43,6 +43,7 @@
 
 import org.apache.cloudstack.acl.APIChecker;
 import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.InfrastructureEntity;
 import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.acl.Role;
 import org.apache.cloudstack.acl.RoleService;
@@ -722,6 +723,19 @@ public void checkAccess(Account caller, AccessType accessType, boolean sameOwner
 
     }
 
+    @Override
+    public void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource) {
+        Class<?> resourceClass = resource.getClass();
+        if (ControlledEntity.class.isAssignableFrom(resourceClass)) {
+            checkAccess(account, accessType, true, (ControlledEntity) resource);
+        } else if (Domain.class.isAssignableFrom(resourceClass)) {
+            checkAccess(account, (Domain) resource);
+        } else if (InfrastructureEntity.class.isAssignableFrom(resourceClass)) {
+            s_logger.trace("Validation of access to infrastructure entity has been disabled in CloudStack version 4.4.");
+        }
+        s_logger.debug(String.format("Account [%s] has access to resource.", account.getUuid()));
+    }
+
     @Override
     public Long checkAccessAndSpecifyAuthority(Account caller, Long zoneId) {
         // We just care for resource domain admins for now, and they should be permitted to see only their zone.
diff --git a/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java b/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java
index cf2a43eceda9..0604405f4a55 100644
--- a/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java
+++ b/server/src/test/java/com/cloud/api/dispatch/ParamProcessWorkerTest.java
@@ -18,18 +18,10 @@
  */
 package com.cloud.api.dispatch;
 
-import com.cloud.exception.ConcurrentOperationException;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.User;
-import org.apache.cloudstack.api.BaseCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.context.CallContext;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -37,17 +29,53 @@
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.Mockito;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.InjectMocks;
+import org.mockito.Spy;
 
-import java.util.HashMap;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.User;
+import com.cloud.vm.VMInstanceVO;
 
 @RunWith(MockitoJUnitRunner.class)
 public class ParamProcessWorkerTest {
 
+    @Spy
+    @InjectMocks
+    private ParamProcessWorker paramProcessWorkerSpy;
+
+    @Mock
+    private AccountManager accountManagerMock;
+
+    @Mock
+    private Account callingAccountMock;
+
     @Mock
-    protected AccountManager accountManager;
+    private User callingUserMock;
 
-    protected ParamProcessWorker paramProcessWorker;
+    @Mock
+    private Account ownerAccountMock;
+
+    @Mock
+    BaseCmd baseCmdMock;
+
+    private Account[] owners = new Account[]{ownerAccountMock};
+
+    private Map<Object, SecurityChecker.AccessType> entities = new HashMap<>();
 
     public static class TestCmd extends BaseCmd {
 
@@ -65,7 +93,7 @@ public static class TestCmd extends BaseCmd {
 
         @Override
         public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
-            ResourceAllocationException, NetworkRuleConflictException {
+                ResourceAllocationException, NetworkRuleConflictException {
             // well documented nothing
         }
 
@@ -83,9 +111,7 @@ public long getEntityOwnerId() {
 
     @Before
     public void setup() {
-        CallContext.register(Mockito.mock(User.class), Mockito.mock(Account.class));
-        paramProcessWorker = new ParamProcessWorker();
-        paramProcessWorker._accountMgr = accountManager;
+        CallContext.register(callingUserMock, callingAccountMock);
     }
 
     @After
@@ -101,10 +127,71 @@ public void processParameters() {
         params.put("boolparam1", "true");
         params.put("doubleparam1", "11.89");
         final TestCmd cmd = new TestCmd();
-        paramProcessWorker.processParameters(cmd, params);
+        paramProcessWorkerSpy.processParameters(cmd, params);
         Assert.assertEquals("foo", cmd.strparam1);
         Assert.assertEquals(100, cmd.intparam1);
         Assert.assertTrue(Double.compare(cmd.doubleparam1, 11.89) == 0);
+        Mockito.verify(paramProcessWorkerSpy).doAccessChecks(Mockito.any(), Mockito.any());
+    }
+
+    @Test
+    public void doAccessChecksTestChecksCallerAccessToOwnerWhenCmdExtendsBaseAsyncCreateCmd() {
+        Mockito.doReturn(owners).when(paramProcessWorkerSpy).getEntityOwners(Mockito.any());
+        Mockito.doNothing().when(paramProcessWorkerSpy).checkCallerAccessToEntities(Mockito.any(), Mockito.any(), Mockito.any());
+
+        paramProcessWorkerSpy.doAccessChecks(new AssociateIPAddrCmd(), entities);
+
+        Mockito.verify(accountManagerMock).checkAccess(callingAccountMock, null, false, owners);
+    }
+
+    @Test
+    public void doAccessChecksTestChecksCallerAccessToEntities() {
+        Mockito.doReturn(owners).when(paramProcessWorkerSpy).getEntityOwners(Mockito.any());
+        Mockito.doNothing().when(paramProcessWorkerSpy).checkCallerAccessToEntities(Mockito.any(), Mockito.any(), Mockito.any());
+
+        paramProcessWorkerSpy.doAccessChecks(new AssociateIPAddrCmd(), entities);
+
+        Mockito.verify(paramProcessWorkerSpy).checkCallerAccessToEntities(callingAccountMock, owners, entities);
+    }
+
+    @Test
+    public void getEntityOwnersTestReturnsAccountsWhenCmdHasMultipleEntityOwners() {
+        Mockito.when(baseCmdMock.getEntityOwnerIds()).thenReturn(List.of(1L, 2L));
+        Mockito.doReturn(callingAccountMock).when(accountManagerMock).getAccount(1L);
+        Mockito.doReturn(ownerAccountMock).when(accountManagerMock).getAccount(2L);
+
+        List<Account> result = List.of(paramProcessWorkerSpy.getEntityOwners(baseCmdMock));
+
+        Assert.assertEquals(List.of(callingAccountMock, ownerAccountMock), result);
     }
 
+    @Test
+    public void getEntityOwnersTestReturnsAccountWhenCmdHasOneEntityOwner() {
+        Mockito.when(baseCmdMock.getEntityOwnerId()).thenReturn(1L);
+        Mockito.when(baseCmdMock.getEntityOwnerIds()).thenReturn(null);
+        Mockito.doReturn(ownerAccountMock).when(accountManagerMock).getAccount(1L);
+
+        List<Account> result = List.of(paramProcessWorkerSpy.getEntityOwners(baseCmdMock));
+
+        Assert.assertEquals(List.of(ownerAccountMock), result);
+    }
+
+    @Test
+    public void checkCallerAccessToEntitiesTestChecksCallerAccessToOwners() {
+        entities.put(ownerAccountMock, SecurityChecker.AccessType.UseEntry);
+
+        paramProcessWorkerSpy.checkCallerAccessToEntities(callingAccountMock, owners, entities);
+
+        Mockito.verify(accountManagerMock).checkAccess(callingAccountMock, null, false, owners);
+    }
+
+    @Test
+    public void checkCallerAccessToEntitiesTestChecksCallerAccessToResource() {
+        VMInstanceVO vmInstanceVo = new VMInstanceVO();
+        entities.put(vmInstanceVo, SecurityChecker.AccessType.UseEntry);
+
+        paramProcessWorkerSpy.checkCallerAccessToEntities(callingAccountMock, owners, entities);
+
+        Mockito.verify(accountManagerMock).validateAccountHasAccessToResource(callingAccountMock, SecurityChecker.AccessType.UseEntry, vmInstanceVo);
+    }
 }
diff --git a/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java b/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
index fe7748b85815..f85589924409 100644
--- a/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
@@ -438,6 +438,11 @@ public void checkAccess(Account account, AccessType accessType, boolean sameOwne
         // TODO Auto-generated method stub
     }
 
+    @Override
+    public void validateAccountHasAccessToResource(Account account, AccessType accessType, Object resource) {
+        // TODO Auto-generated method stub
+    }
+
     @Override
     public Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly) {
         // TODO Auto-generated method stub

From 4fa22f4d5881406353d3dfeadb68050e2242fdb8 Mon Sep 17 00:00:00 2001
From: Daniel Augusto Veronezi Salvador <gutoveronezi@apache.org>
Date: Fri, 30 Aug 2024 19:03:28 -0300
Subject: [PATCH 17/24] Validate QCOW2 on upload and register

---
 .../formatinspector/Qcow2HeaderField.java     |  51 ++++
 .../formatinspector/Qcow2Inspector.java       | 267 ++++++++++++++++++
 .../resource/NfsSecondaryStorageResource.java |  14 +-
 .../storage/template/DownloadManagerImpl.java |  39 ++-
 4 files changed, 360 insertions(+), 11 deletions(-)
 create mode 100644 services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java
 create mode 100644 services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java

diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java
new file mode 100644
index 000000000000..4a8e8b51a479
--- /dev/null
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2HeaderField.java
@@ -0,0 +1,51 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.storage.formatinspector;
+
+public enum Qcow2HeaderField {
+    MAGIC(0, 4),
+    VERSION(4, 4),
+    BACKING_FILE_OFFSET(8, 8),
+    BACKING_FILE_NAME_LENGTH(16, 4),
+    CLUSTER_BITS(20, 4),
+    SIZE(24, 8),
+    CRYPT_METHOD(32, 4),
+    L1_SIZE(36, 4),
+    LI_TABLE_OFFSET(40, 8),
+    REFCOUNT_TABLE_OFFSET(48, 8),
+    REFCOUNT_TABLE_CLUSTERS(56, 4),
+    NB_SNAPSHOTS(60, 4),
+    SNAPSHOTS_OFFSET(64, 8),
+    INCOMPATIBLE_FEATURES(72, 8);
+
+    private final int offset;
+    private final int length;
+
+    Qcow2HeaderField(int offset, int length) {
+        this.offset = offset;
+        this.length = length;
+    }
+
+    public int getLength() {
+        return length;
+    }
+
+    public int getOffset() {
+        return offset;
+    }
+}
diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java
new file mode 100644
index 000000000000..1ad2076a12d1
--- /dev/null
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/formatinspector/Qcow2Inspector.java
@@ -0,0 +1,267 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.storage.formatinspector;
+
+import com.cloud.utils.NumbersUtil;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.log4j.Logger;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Class to inspect QCOW2 files/objects. In our context, a QCOW2 might be a threat to the environment if it meets one of the following criteria when coming from external sources
+ * (like registering or uploading volumes and templates):
+ * <ul>
+ *   <li>has a backing file reference;</li>
+ *   <li>has an external data file reference;</li>
+ *   <li>has unknown incompatible features.</li>
+ * </ul>
+ *
+ * The implementation was done based on the <a href="https://gitlab.com/qemu-project/qemu/-/blob/master/docs/interop/qcow2.txt"> QEMU's official interoperability documentation</a>
+ * and on the <a href="https://review.opendev.org/c/openstack/cinder/+/923247/2/cinder/image/format_inspector.py">OpenStack's Cinder implementation for Python</a>.
+ */
+public class Qcow2Inspector {
+    protected static Logger LOGGER = Logger.getLogger(Qcow2Inspector.class);
+
+    private static final byte[] QCOW_MAGIC_STRING = ArrayUtils.add("QFI".getBytes(), (byte) 0xfb);
+    private static final int INCOMPATIBLE_FEATURES_MAX_KNOWN_BIT = 4;
+    private static final int INCOMPATIBLE_FEATURES_MAX_KNOWN_BYTE = 0;
+    private static final int EXTERNAL_DATA_FILE_BYTE_POSITION = 7;
+    private static final int EXTERNAL_DATA_FILE_BIT = 2;
+    private static final byte EXTERNAL_DATA_FILE_BITMASK = (byte) (1 << EXTERNAL_DATA_FILE_BIT);
+
+    private static final Set<Qcow2HeaderField> SET_OF_HEADER_FIELDS_TO_READ = Set.of(Qcow2HeaderField.MAGIC,
+            Qcow2HeaderField.VERSION,
+            Qcow2HeaderField.SIZE,
+            Qcow2HeaderField.BACKING_FILE_OFFSET,
+            Qcow2HeaderField.INCOMPATIBLE_FEATURES);
+
+    /**
+     * Validates if the file is a valid and allowed QCOW2 (i.e.: does not contain external references).
+     * @param filePath Path of the file to be validated.
+     * @throws RuntimeException If the QCOW2 file meets one of the following criteria:
+     * <ul>
+     *   <li>has a backing file reference;</li>
+     *   <li>has an external data file reference;</li>
+     *   <li>has unknown incompatible features.</li>
+     * </ul>
+     */
+    public static void validateQcow2File(String filePath) throws RuntimeException {
+        LOGGER.info(String.format("Verifying if [%s] is a valid and allowed QCOW2 file .", filePath));
+
+        Map<String, byte[]> headerFieldsAndValues;
+        try (InputStream inputStream = new FileInputStream(filePath)) {
+            headerFieldsAndValues = unravelQcow2Header(inputStream, filePath);
+        } catch (IOException ex) {
+            throw new RuntimeException(String.format("Unable to validate file [%s] due to: ", filePath), ex);
+        }
+
+        validateQcow2HeaderFields(headerFieldsAndValues, filePath);
+
+        LOGGER.info(String.format("[%s] is a valid and allowed QCOW2 file.", filePath));
+    }
+
+    /**
+     * Unravels the QCOW2 header in a serial fashion, iterating through the {@link Qcow2HeaderField}, reading the fields specified in
+     * {@link Qcow2Inspector#SET_OF_HEADER_FIELDS_TO_READ} and skipping the others.
+     * @param qcow2InputStream InputStream of the QCOW2 being unraveled.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @return A map of the header fields and their values according to the {@link Qcow2Inspector#SET_OF_HEADER_FIELDS_TO_READ}.
+     * @throws IOException If the field cannot be read or skipped.
+     */
+    public static Map<String, byte[]> unravelQcow2Header(InputStream qcow2InputStream, String qcow2LogReference) throws IOException {
+        Map<String, byte[]> result = new HashMap<>();
+
+        LOGGER.debug(String.format("Unraveling QCOW2 [%s] headers.", qcow2LogReference));
+        for (Qcow2HeaderField qcow2Header : Qcow2HeaderField.values()) {
+            if (!SET_OF_HEADER_FIELDS_TO_READ.contains(qcow2Header)) {
+                skipHeader(qcow2InputStream, qcow2Header, qcow2LogReference);
+                continue;
+            }
+
+            byte[] headerValue = readHeader(qcow2InputStream, qcow2Header, qcow2LogReference);
+            result.put(qcow2Header.name(), headerValue);
+        }
+
+        return result;
+    }
+
+    /**
+     * Skips the field's length in the InputStream.
+     * @param qcow2InputStream InputStream of the QCOW2 being unraveled.
+     * @param field Field being skipped (name and length).
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws IOException If the bytes skipped do not match the field length.
+     */
+    protected static void skipHeader(InputStream qcow2InputStream, Qcow2HeaderField field, String qcow2LogReference) throws IOException {
+        LOGGER.trace(String.format("Skipping field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+
+        if (qcow2InputStream.skip(field.getLength()) != field.getLength()) {
+            throw new IOException(String.format("Unable to skip field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+        }
+    }
+
+    /**
+     * Reads the field's length in the InputStream.
+     * @param qcow2InputStream InputStream of the QCOW2 being unraveled.
+     * @param field Field being read (name and length).
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws IOException If the bytes read do not match the field length.
+     */
+    protected static byte[] readHeader(InputStream qcow2InputStream, Qcow2HeaderField field, String qcow2LogReference) throws IOException {
+        byte[] readBytes = new byte[field.getLength()];
+
+        LOGGER.trace(String.format("Reading field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+        if (qcow2InputStream.read(readBytes) != field.getLength()) {
+            throw new IOException(String.format("Unable to read field [%s] of QCOW2 [%s].", field, qcow2LogReference));
+        }
+
+        LOGGER.trace(String.format("Read %s as field [%s] of QCOW2 [%s].", ArrayUtils.toString(readBytes), field, qcow2LogReference));
+        return readBytes;
+    }
+
+    /**
+     * Validates the values of the header fields {@link Qcow2HeaderField#MAGIC}, {@link Qcow2HeaderField#BACKING_FILE_OFFSET}, and {@link Qcow2HeaderField#INCOMPATIBLE_FEATURES}.
+     * @param headerFieldsAndValues A map of the header fields and their values.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 does not contain the QCOW magic string or contains a backing file reference or incompatible features.
+     */
+    public static void validateQcow2HeaderFields(Map<String, byte[]> headerFieldsAndValues, String qcow2LogReference) throws SecurityException{
+        byte[] fieldValue = headerFieldsAndValues.get(Qcow2HeaderField.MAGIC.name());
+        validateQcowMagicString(fieldValue, qcow2LogReference);
+
+        fieldValue = headerFieldsAndValues.get(Qcow2HeaderField.BACKING_FILE_OFFSET.name());
+        validateAbsenceOfBackingFileReference(NumbersUtil.bytesToLong(fieldValue), qcow2LogReference);
+
+        fieldValue = headerFieldsAndValues.get(Qcow2HeaderField.INCOMPATIBLE_FEATURES.name());
+        validateAbsenceOfIncompatibleFeatures(fieldValue, qcow2LogReference);
+    }
+
+    /**
+     * Verifies if the first 4 bytes of the header are the QCOW magic string. Throws an exception if not.
+     * @param headerMagicString The first 4 bytes of the header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the header's magic string is not the QCOW magic string.
+     */
+    private static void validateQcowMagicString(byte[] headerMagicString, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has a valid QCOW magic string.", qcow2LogReference));
+
+        if (!Arrays.equals(QCOW_MAGIC_STRING, headerMagicString)) {
+            throw new SecurityException(String.format("[%s] is not a valid QCOW2 because its first 4 bytes are not the QCOW magic string.", qcow2LogReference));
+        }
+
+        LOGGER.debug(String.format("[%s] has a valid QCOW magic string.", qcow2LogReference));
+    }
+
+    /**
+     * Verifies if the QCOW2 has a backing file and throws an exception if so.
+     * @param backingFileOffset The backing file offset value of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has a backing file reference.
+     */
+    private static void validateAbsenceOfBackingFileReference(long backingFileOffset, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has a backing file reference.", qcow2LogReference));
+
+        if (backingFileOffset != 0) {
+            throw new SecurityException(String.format("[%s] has a backing file reference. This can be an attack to the infrastructure; therefore, we will not accept" +
+                    " this QCOW2.", qcow2LogReference));
+        }
+
+        LOGGER.debug(String.format("[%s] does not have a backing file reference.", qcow2LogReference));
+    }
+
+    /**
+     * Verifies if the QCOW2 has incompatible features and throw an exception if it has an external data file reference or unknown incompatible features.
+     * @param incompatibleFeatures The incompatible features bytes of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has an external data file reference or unknown incompatible features.
+     */
+    private static void validateAbsenceOfIncompatibleFeatures(byte[] incompatibleFeatures, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has incompatible features.", qcow2LogReference));
+
+        if (NumbersUtil.bytesToLong(incompatibleFeatures) == 0) {
+            LOGGER.debug(String.format("[%s] does not have incompatible features.", qcow2LogReference));
+            return;
+        }
+
+        LOGGER.debug(String.format("[%s] has incompatible features.", qcow2LogReference));
+
+        validateAbsenceOfExternalDataFileReference(incompatibleFeatures, qcow2LogReference);
+        validateAbsenceOfUnknownIncompatibleFeatures(incompatibleFeatures, qcow2LogReference);
+    }
+
+    /**
+     * Verifies if the QCOW2 has an external data file reference and throw an exception if so.
+     * @param incompatibleFeatures The incompatible features bytes of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has an external data file reference.
+     */
+    private static void validateAbsenceOfExternalDataFileReference(byte[] incompatibleFeatures, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has an external data file reference.", qcow2LogReference));
+
+        if ((incompatibleFeatures[EXTERNAL_DATA_FILE_BYTE_POSITION] & EXTERNAL_DATA_FILE_BITMASK) != 0) {
+            throw new SecurityException(String.format("[%s] has an external data file reference. This can be an attack to the infrastructure; therefore, we will discard" +
+                    " this file.", qcow2LogReference));
+        }
+
+        LOGGER.info(String.format("[%s] does not have an external data file reference.", qcow2LogReference));
+    }
+
+    /**
+     * Verifies if the QCOW2 has unknown incompatible features and throw an exception if so.
+     * <br/><br/>
+     * Unknown incompatible features are those with bit greater than
+     * {@link Qcow2Inspector#INCOMPATIBLE_FEATURES_MAX_KNOWN_BIT}, which will be the represented by bytes in positions greater than
+     * {@link Qcow2Inspector#INCOMPATIBLE_FEATURES_MAX_KNOWN_BYTE} (in Big Endian order). Therefore, we expect that those bytes are always zero. If not, an exception is thrown.
+     * @param incompatibleFeatures The incompatible features bytes of the QCOW2 header.
+     * @param qcow2LogReference A reference (like the filename) of the QCOW2 being unraveled to print in the logs and exceptions.
+     * @throws SecurityException If the QCOW2 has unknown incompatible features.
+     */
+    private static void validateAbsenceOfUnknownIncompatibleFeatures(byte[] incompatibleFeatures, String qcow2LogReference) throws SecurityException {
+        LOGGER.debug(String.format("Verifying if [%s] has unknown incompatible features [%s].", qcow2LogReference, ArrayUtils.toString(incompatibleFeatures)));
+
+        for (int byteNum = incompatibleFeatures.length - 1; byteNum >= 0; byteNum--) {
+            int bytePosition = incompatibleFeatures.length - 1 - byteNum;
+            LOGGER.trace(String.format("Looking for unknown incompatible feature bit in position [%s].", bytePosition));
+
+            byte bitmask = 0;
+            if (byteNum == INCOMPATIBLE_FEATURES_MAX_KNOWN_BYTE) {
+                bitmask = ((1 << INCOMPATIBLE_FEATURES_MAX_KNOWN_BIT) - 1);
+            }
+
+            LOGGER.trace(String.format("Bitmask for byte in position [%s] is [%s].", bytePosition, Integer.toBinaryString(bitmask)));
+
+            int featureBit = incompatibleFeatures[bytePosition] & ~bitmask;
+            if (featureBit != 0) {
+                throw new SecurityException(String.format("Found unknown incompatible feature bit [%s] in byte [%s] of [%s]. This can be an attack to the infrastructure; " +
+                        "therefore, we will discard this QCOW2.", featureBit, bytePosition + Qcow2HeaderField.INCOMPATIBLE_FEATURES.getOffset(), qcow2LogReference));
+            }
+
+            LOGGER.trace(String.format("Did not find unknown incompatible feature in position [%s].", bytePosition));
+        }
+
+        LOGGER.info(String.format("[%s] does not have unknown incompatible features.", qcow2LogReference));
+    }
+
+}
diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
index 41cf11025a1f..ceaa37926e99 100644
--- a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
@@ -71,6 +71,7 @@
 import org.apache.cloudstack.storage.command.browser.ListDataStoreObjectsCommand;
 import org.apache.cloudstack.storage.configdrive.ConfigDrive;
 import org.apache.cloudstack.storage.configdrive.ConfigDriveBuilder;
+import org.apache.cloudstack.storage.formatinspector.Qcow2Inspector;
 import org.apache.cloudstack.storage.template.DownloadManager;
 import org.apache.cloudstack.storage.template.DownloadManagerImpl;
 import org.apache.cloudstack.storage.template.UploadEntity;
@@ -3482,8 +3483,19 @@ public String postUpload(String uuid, String filename, long processTimeout) {
             return result;
         }
 
+        String finalFilename = resourcePath + "/" + templateFilename;
+
+        if (ImageStoreUtil.isCorrectExtension(finalFilename, "qcow2")) {
+            try {
+                Qcow2Inspector.validateQcow2File(finalFilename);
+            } catch (RuntimeException e) {
+                s_logger.error(String.format("Uploaded file [%s] is not a valid QCOW2.", finalFilename), e);
+                return "The uploaded file is not a valid QCOW2. Ask the administrator to check the logs for more details.";
+            }
+        }
+
         // Set permissions for the downloaded template
-        File downloadedTemplate = new File(resourcePath + "/" + templateFilename);
+        File downloadedTemplate = new File(finalFilename);
         _storage.setWorldReadableAndWriteable(downloadedTemplate);
 
         // Set permissions for template/volume.properties
diff --git a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
index 11878ae64000..c946614934b9 100644
--- a/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
+++ b/services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
@@ -16,8 +16,6 @@
 // under the License.
 package org.apache.cloudstack.storage.template;
 
-import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -51,9 +49,11 @@
 import org.apache.cloudstack.storage.resource.IpTablesHelper;
 import org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource;
 import org.apache.cloudstack.storage.resource.SecondaryStorageResource;
+import org.apache.cloudstack.storage.formatinspector.Qcow2HeaderField;
+import org.apache.cloudstack.storage.formatinspector.Qcow2Inspector;
 import org.apache.cloudstack.utils.security.ChecksumValue;
 import org.apache.cloudstack.utils.security.DigestHelper;
-import org.apache.commons.lang3.StringUtils;
+
 import org.apache.log4j.Logger;
 
 import com.cloud.agent.api.storage.DownloadAnswer;
@@ -91,7 +91,9 @@
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.Proxy;
 import com.cloud.utils.script.Script;
-import com.cloud.utils.storage.QCOW2Utils;
+import com.cloud.utils.StringUtils;
+
+import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
 
 public class DownloadManagerImpl extends ManagerBase implements DownloadManager {
     private String _name;
@@ -365,11 +367,17 @@ private String postRemoteDownload(String jobId) {
             // The QCOW2 is the only format with a header,
             // and as such can be easily read.
 
-            try (InputStream inputStream = td.getS3ObjectInputStream();) {
-                dnld.setTemplatesize(QCOW2Utils.getVirtualSize(inputStream, false));
-            }
-            catch (IOException e) {
-                result = "Couldn't read QCOW2 virtual size. Error: " + e.getMessage();
+            try (InputStream inputStream = td.getS3ObjectInputStream()) {
+                Map<String, byte[]> qcow2HeaderFieldsAndValues = Qcow2Inspector.unravelQcow2Header(inputStream, td.getDownloadUrl());
+                Qcow2Inspector.validateQcow2HeaderFields(qcow2HeaderFieldsAndValues, td.getDownloadUrl());
+
+                dnld.setTemplatesize(NumbersUtil.bytesToLong(qcow2HeaderFieldsAndValues.get(Qcow2HeaderField.SIZE.name())));
+            } catch (IOException ex) {
+                result = String.format("Unable to read QCOW2 metadata. Error: %s", ex.getMessage());
+                LOGGER.error(result, ex);
+            } catch (SecurityException ex) {
+                result = String.format("[%s] is not a valid QCOW2:", td.getDownloadUrl());
+                LOGGER.error(result, ex);
             }
 
         }
@@ -515,8 +523,19 @@ private String postLocalDownload(String jobId) {
             return result;
         }
 
+        String finalFilename = resourcePath + "/" + templateFilename;
+
+        if (ImageFormat.QCOW2.equals(dnld.getFormat())) {
+            try {
+                Qcow2Inspector.validateQcow2File(finalFilename);
+            } catch (RuntimeException e) {
+                LOGGER.error(String.format("The downloaded file [%s] is not a valid QCOW2.", finalFilename), e);
+                return "The downloaded file is not a valid QCOW2. Ask the administrator to check the logs for more details.";
+            }
+        }
+
         // Set permissions for the downloaded template
-        File downloadedTemplate = new File(resourcePath + "/" + templateFilename);
+        File downloadedTemplate = new File(finalFilename);
 
         _storage.setWorldReadableAndWriteable(downloadedTemplate);
         setPermissionsForTheDownloadedTemplate(resourcePath, resourceType);

From 13dd6983428a535a5d401bce106dd5da9a1b802a Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Tue, 10 Sep 2024 18:25:36 +0200
Subject: [PATCH 18/24] util: check JSESSIONID in cookies if user is passed

---
 .../command/ListAndSwitchSAMLAccountCmd.java  |   7 +-
 .../cloudstack/saml/SAML2AuthManager.java     |   3 +
 .../cloudstack/saml/SAML2AuthManagerImpl.java |   3 +-
 .../org/apache/cloudstack/saml/SAMLUtils.java |  25 ++++-
 .../ListAndSwitchSAMLAccountCmdTest.java      |  25 ++++-
 .../main/java/com/cloud/api/ApiServer.java    |  26 ++++-
 .../main/java/com/cloud/api/ApiServlet.java   | 102 +++++++++++-------
 test/integration/smoke/test_login.py          |   1 +
 ui/src/api/index.js                           |  10 ++
 ui/src/store/modules/user.js                  |   1 -
 .../main/java/com/cloud/utils/HttpUtils.java  |  42 ++++++--
 .../java/com/cloud/utils/HttpUtilsTest.java   |  86 ++++++++++++---
 12 files changed, 266 insertions(+), 65 deletions(-)

diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
index 25f056adf686..c2f81cd33563 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmd.java
@@ -48,6 +48,7 @@
 import org.apache.cloudstack.saml.SAMLUtils;
 import org.apache.log4j.Logger;
 
+import com.cloud.api.ApiServer;
 import com.cloud.api.response.ApiResponseSerializer;
 import com.cloud.domain.Domain;
 import com.cloud.domain.dao.DomainDao;
@@ -60,6 +61,8 @@
 import com.cloud.user.dao.UserDao;
 import com.cloud.utils.HttpUtils;
 
+import org.apache.commons.lang3.EnumUtils;
+
 @APICommand(name = "listAndSwitchSamlAccount", description = "Lists and switches to other SAML accounts owned by the SAML user", responseObject = SuccessResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class ListAndSwitchSAMLAccountCmd extends BaseCmd implements APIAuthenticator {
     public static final Logger s_logger = Logger.getLogger(ListAndSwitchSAMLAccountCmd.class.getName());
@@ -104,7 +107,9 @@ public String authenticate(final String command, final Map<String, Object[]> par
                     params, responseType));
         }
 
-        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
+        HttpUtils.ApiSessionKeyCheckOption sessionKeyCheckOption = EnumUtils.getEnumIgnoreCase(HttpUtils.ApiSessionKeyCheckOption.class,
+                ApiServer.ApiSessionKeyCheckLocations.value(), HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter);
+        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY, sessionKeyCheckOption)) {
             throw new ServerApiException(ApiErrorCode.UNAUTHORIZED, _apiServer.getSerializedApiError(ApiErrorCode.UNAUTHORIZED.getHttpCode(),
                     "Unauthorized session, please re-login",
                     params, responseType));
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
index 3a4030f9c0d8..e10ea08012fa 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -73,6 +73,9 @@ public interface SAML2AuthManager extends PluggableAPIAuthenticator, PluggableSe
     ConfigKey<Boolean> SAMLCheckSignature = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.check.signature", "true",
             "When enabled (default and recommended), SAML2 signature checks are enforced and lack of signature in the SAML SSO response will cause login exception. Disabling this is not advisable but provided for backward compatibility for users who are able to accept the risks.", false);
 
+    ConfigKey<String> SAMLUserSessionKeyPathAttribute = new ConfigKey<String>("Advanced", String.class, "saml2.user.sessionkey.path", "",
+            "The Path attribute of sessionkey cookie when SAML users have logged in. If not set, it will be set to the path of SAML redirection URL (saml2.redirect.url).", true);
+
     SAMLProviderMetadata getSPMetadata();
     SAMLProviderMetadata getIdPMetadata(String entityId);
     Collection<SAMLProviderMetadata> getAllIdPMetadata();
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index dfa76414fb74..aa1e0be91c71 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -542,6 +542,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 SAMLServiceProviderSingleSignOnURL, SAMLServiceProviderSingleLogOutURL,
                 SAMLCloudStackRedirectionUrl, SAMLUserAttributeName,
                 SAMLIdentityProviderMetadataURL, SAMLDefaultIdentityProviderId,
-                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout, SAMLCheckSignature};
+                SAMLSignatureAlgorithm, SAMLAppendDomainSuffix, SAMLTimeout, SAMLCheckSignature,
+                SAMLUserSessionKeyPathAttribute};
     }
 }
diff --git a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
index f10bc891368e..bb94c8af4c23 100644
--- a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
+++ b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
@@ -25,6 +25,8 @@
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.security.InvalidKeyException;
@@ -101,7 +103,9 @@
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
+import com.cloud.api.ApiServlet;
 import com.cloud.utils.HttpUtils;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 public class SAMLUtils {
     public static final Logger s_logger = Logger.getLogger(SAMLUtils.class);
@@ -296,7 +300,26 @@ public static void setupSamlUserCookies(final LoginCmdResponse loginResponse, fi
             resp.addCookie(new Cookie("timezone", URLEncoder.encode(timezone, HttpUtils.UTF_8)));
         }
         resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
-        resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/client/api", ApiConstants.SESSIONKEY, loginResponse.getSessionKey()));
+
+        String redirectUrl = SAML2AuthManager.SAMLCloudStackRedirectionUrl.value();
+        String path = SAML2AuthManager.SAMLUserSessionKeyPathAttribute.value();
+        String domain = null;
+        try {
+            URI redirectUri = new URI(redirectUrl);
+            domain = redirectUri.getHost();
+            if (StringUtils.isBlank(path)) {
+                path = redirectUri.getPath();
+            }
+            if (StringUtils.isBlank(path)) {
+                path = "/";
+            }
+        } catch (URISyntaxException ex) {
+            throw new CloudRuntimeException("Invalid URI: " + redirectUrl);
+        }
+        String sameSite = ApiServlet.getApiSessionKeySameSite();
+        String sessionKeyCookie = String.format("%s=%s;Domain=%s;Path=%s;%s", ApiConstants.SESSIONKEY, loginResponse.getSessionKey(), domain, path, sameSite);
+        s_logger.debug("Adding sessionkey cookie to response: " + sessionKeyCookie);
+        resp.addHeader("SET-COOKIE", sessionKeyCookie);
     }
 
     /**
diff --git a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java
index b4d230e3cd60..729334d22ce5 100644
--- a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java
+++ b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/api/command/ListAndSwitchSAMLAccountCmdTest.java
@@ -27,6 +27,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -88,6 +89,9 @@ public class ListAndSwitchSAMLAccountCmdTest extends TestCase {
     @Mock
     HttpServletRequest req;
 
+    final String sessionId = "node0xxxxxxxxxxxxx";
+    Cookie[] cookies;
+
     @Test
     public void testListAndSwitchSAMLAccountCmd() throws Exception {
         // Setup
@@ -95,6 +99,7 @@ public void testListAndSwitchSAMLAccountCmd() throws Exception {
         final String sessionKeyValue = "someSessionIDValue";
         Mockito.when(session.getAttribute(ApiConstants.SESSIONKEY)).thenReturn(sessionKeyValue);
         Mockito.when(session.getAttribute("userid")).thenReturn(2L);
+        Mockito.when(session.getId()).thenReturn(sessionId);
         params.put(ApiConstants.USER_ID, new String[]{"2"});
         params.put(ApiConstants.DOMAIN_ID, new String[]{"1"});
         Mockito.when(userDao.findByUuid(anyString())).thenReturn(new UserVO(2L));
@@ -146,7 +151,25 @@ public void testListAndSwitchSAMLAccountCmd() throws Exception {
             Mockito.verify(accountService, Mockito.times(0)).getUserAccountById(Mockito.anyLong());
         }
 
-        // valid sessionkey value test
+        // valid sessionkey value and invalid JSESSIONID test
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(ApiConstants.SESSIONKEY, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", "invalid-JSESSIONID");
+        Mockito.when(req.getCookies()).thenReturn(cookies);
+        params.put(ApiConstants.SESSIONKEY, new String[]{sessionKeyValue});
+        try {
+            cmd.authenticate("command", params, session, null, HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), req, resp);
+        } catch (ServerApiException exception) {
+            assertEquals(exception.getErrorCode(), ApiErrorCode.UNAUTHORIZED);
+        } finally {
+            Mockito.verify(accountService, Mockito.times(0)).getUserAccountById(Mockito.anyLong());
+        }
+
+        // valid sessionkey value and valid JSESSIONID test
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(ApiConstants.SESSIONKEY, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        Mockito.when(req.getCookies()).thenReturn(cookies);
         params.put(ApiConstants.SESSIONKEY, new String[]{sessionKeyValue});
         try {
             cmd.authenticate("command", params, session, null, HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), req, resp);
diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java
index b1a04932cf9b..d68f42470d55 100644
--- a/server/src/main/java/com/cloud/api/ApiServer.java
+++ b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -33,6 +33,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
+import java.util.EnumSet;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -47,6 +48,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
@@ -168,6 +170,8 @@
 import com.cloud.utils.ConstantTimeComparator;
 import com.cloud.utils.DateUtil;
 import com.cloud.utils.HttpUtils;
+import com.cloud.utils.HttpUtils.ApiSessionKeySameSite;
+import com.cloud.utils.HttpUtils.ApiSessionKeyCheckOption;
 import com.cloud.utils.Pair;
 import com.cloud.utils.ReflectUtil;
 import com.cloud.utils.StringUtils;
@@ -306,6 +310,24 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
             , true
             , ConfigKey.Scope.Global);
 
+    static final ConfigKey<String> ApiSessionKeyCookieSameSiteSetting = new ConfigKey<>(String.class
+            , "api.sessionkey.cookie.samesite"
+            , ConfigKey.CATEGORY_ADVANCED
+            , ApiSessionKeySameSite.Lax.name()
+            , "The SameSite attribute of cookie 'sessionkey'. Valid options are: Lax (default), Strict, NoneAndSecure and Null."
+            , true
+            , ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.Select,
+            EnumSet.allOf(ApiSessionKeySameSite.class).stream().map(Enum::toString).collect(Collectors.joining(", ")));
+
+    public static final ConfigKey<String> ApiSessionKeyCheckLocations = new ConfigKey<>(String.class
+            , "api.sessionkey.check.locations"
+            , ConfigKey.CATEGORY_ADVANCED
+            , ApiSessionKeyCheckOption.CookieAndParameter.name()
+            , "The locations of 'sessionkey' during the validation of the API requests. Valid options are: CookieOrParameter, ParameterOnly, CookieAndParameter (default)."
+            , true
+            , ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.Select,
+            EnumSet.allOf(ApiSessionKeyCheckOption.class).stream().map(Enum::toString).collect(Collectors.joining(", ")));
+
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
         messageBus.subscribe(AsyncJob.Topics.JOB_EVENT_PUBLISH, MessageDispatcher.getDispatcher(this));
@@ -1531,7 +1553,9 @@ public ConfigKey<?>[] getConfigKeys() {
                 JSONDefaultContentType,
                 proxyForwardList,
                 useForwardHeader,
-                listOfForwardHeaders
+                listOfForwardHeaders,
+                ApiSessionKeyCookieSameSiteSetting,
+                ApiSessionKeyCheckLocations
         };
     }
 }
diff --git a/server/src/main/java/com/cloud/api/ApiServlet.java b/server/src/main/java/com/cloud/api/ApiServlet.java
index e719238afef1..d9654f039163 100644
--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -47,6 +47,7 @@
 import org.apache.cloudstack.managed.context.ManagedContext;
 import org.apache.cloudstack.utils.consoleproxy.ConsoleAccessUtils;
 import org.apache.log4j.Logger;
+import org.apache.commons.lang3.EnumUtils;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.support.SpringBeanAutowiringSupport;
@@ -63,13 +64,15 @@
 import com.cloud.user.UserAccount;
 
 import com.cloud.utils.HttpUtils;
+import com.cloud.utils.HttpUtils.ApiSessionKeySameSite;
+import com.cloud.utils.HttpUtils.ApiSessionKeyCheckOption;
 import com.cloud.utils.StringUtils;
 import com.cloud.utils.db.EntityManager;
 import com.cloud.utils.net.NetUtils;
 
 @Component("apiServlet")
 public class ApiServlet extends HttpServlet {
-    public static final Logger s_logger = Logger.getLogger(ApiServlet.class.getName());
+    public static final Logger LOGGER = Logger.getLogger(ApiServlet.class.getName());
     private static final Logger s_accessLogger = Logger.getLogger("apiserver." + ApiServlet.class.getName());
     private static final String REPLACEMENT = "_";
     private static final String LOG_REPLACEMENTS = "[\n\r\t]";
@@ -127,7 +130,7 @@ void utf8Fixup(final HttpServletRequest req, final Map<String, Object[]> params)
                     String value = decodeUtf8(paramTokens[1]);
                     params.put(name, new String[] {value});
                 } else {
-                    s_logger.debug("Invalid parameter in URL found. param: " + param);
+                    LOGGER.debug("Invalid parameter in URL found. param: " + param);
                 }
             }
         }
@@ -156,7 +159,7 @@ private void checkSingleQueryParameterValue(Map<String, String[]> params) {
             if (v.length > 1) {
                 String message = String.format("Query parameter '%s' has multiple values %s. Only the last value will be respected." +
                     "It is advised to pass only a single parameter", k, Arrays.toString(v));
-                s_logger.warn(message);
+                LOGGER.warn(message);
             }
         });
 
@@ -167,7 +170,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
         try {
             remoteAddress = getClientAddress(req);
         } catch (UnknownHostException e) {
-            s_logger.warn("UnknownHostException when trying to lookup remote IP-Address. This should never happen. Blocking request.", e);
+            LOGGER.warn("UnknownHostException when trying to lookup remote IP-Address. This should never happen. Blocking request.", e);
             final String response = apiServer.getSerializedApiError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                     "UnknownHostException when trying to lookup remote IP-Address", null,
                     HttpUtils.RESPONSE_TYPE_XML);
@@ -191,17 +194,17 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
         // logging the request start and end in management log for easy debugging
         String reqStr = "";
         String cleanQueryString = StringUtils.cleanString(req.getQueryString());
-        if (s_logger.isDebugEnabled()) {
+        if (LOGGER.isDebugEnabled()) {
             reqStr = auditTrailSb.toString() + " " + cleanQueryString;
-            s_logger.debug("===START=== " + reqStr);
+            LOGGER.debug("===START=== " + reqStr);
         }
 
         try {
             resp.setContentType(HttpUtils.XML_CONTENT_TYPE);
 
             HttpSession session = req.getSession(false);
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("session found: %s", session));
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("session found: %s", session));
             }
             final Object[] responseTypeParam = params.get(ApiConstants.RESPONSE);
             if (responseTypeParam != null) {
@@ -212,10 +215,10 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
             final String command = commandObj == null ? null : (String) commandObj[0];
             final Object[] userObj = params.get(ApiConstants.USERNAME);
             String username = userObj == null ? null : (String)userObj[0];
-            if (s_logger.isTraceEnabled()) {
+            if (LOGGER.isTraceEnabled()) {
                 String logCommand = saveLogString(command);
                 String logName = saveLogString(username);
-                s_logger.trace(String.format("command %s processing for user \"%s\"",
+                LOGGER.trace(String.format("command %s processing for user \"%s\"",
                         logCommand,
                         logName));
             }
@@ -238,25 +241,26 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
 
                         if (ApiServer.EnableSecureSessionCookie.value()) {
                             resp.setHeader("SET-COOKIE", String.format("JSESSIONID=%s;Secure;HttpOnly;Path=/client", session.getId()));
-                            if (s_logger.isDebugEnabled()) {
-                                s_logger.debug("Session cookie is marked secure!");
+                            if (LOGGER.isDebugEnabled()) {
+                                LOGGER.debug("Session cookie is marked secure!");
                             }
                         }
                     }
 
                     try {
-                        if (s_logger.isTraceEnabled()) {
-                            s_logger.trace(String.format("apiAuthenticator.authenticate(%s, params[%d], %s, %s, %s, %s, %s,%s)",
+                        if (LOGGER.isTraceEnabled()) {
+                            LOGGER.trace(String.format("apiAuthenticator.authenticate(%s, params[%d], %s, %s, %s, %s, %s,%s)",
                                     saveLogString(command), params.size(), session.getId(), remoteAddress.getHostAddress(), saveLogString(responseType), "auditTrailSb", "req", "resp"));
                         }
                         responseString = apiAuthenticator.authenticate(command, params, session, remoteAddress, responseType, auditTrailSb, req, resp);
                         if (session != null && session.getAttribute(ApiConstants.SESSIONKEY) != null) {
-                            resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly", ApiConstants.SESSIONKEY, session.getAttribute(ApiConstants.SESSIONKEY)));
+                            String sameSite = getApiSessionKeySameSite();
+                            resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;%s", ApiConstants.SESSIONKEY, session.getAttribute(ApiConstants.SESSIONKEY), sameSite));
                         }
                     } catch (ServerApiException e) {
                         httpResponseCode = e.getErrorCode().getHttpCode();
                         responseString = e.getMessage();
-                        s_logger.debug("Authentication failure: " + e.getMessage());
+                        LOGGER.debug("Authentication failure: " + e.getMessage());
                     }
 
                     if (apiAuthenticator.getAPIType() == APIAuthenticationType.LOGOUT_API) {
@@ -289,7 +293,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                     return;
                 }
             } else {
-                s_logger.trace("no command available");
+                LOGGER.trace("no command available");
             }
             auditTrailSb.append(cleanQueryString);
             final boolean isNew = ((session == null) ? true : session.isNew());
@@ -298,15 +302,15 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
             // we no longer rely on web-session here, verifyRequest will populate user/account information
             // if a API key exists
 
-            if (isNew && s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("new session: %s", session));
+            if (isNew && LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("new session: %s", session));
             }
 
             if (!isNew && (command.equalsIgnoreCase(ValidateUserTwoFactorAuthenticationCodeCmd.APINAME) || (!skip2FAcheckForAPIs(command) && !skip2FAcheckForUser(session)))) {
-                s_logger.debug("Verifying two factor authentication");
+                LOGGER.debug("Verifying two factor authentication");
                 boolean success = verify2FA(session, command, auditTrailSb, params, remoteAddress, responseType, req, resp);
                 if (!success) {
-                    s_logger.debug("Verification of two factor authentication failed");
+                    LOGGER.debug("Verification of two factor authentication failed");
                     return;
                 }
             }
@@ -319,8 +323,8 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                 if (account != null) {
                     if (invalidateHttpSessionIfNeeded(req, resp, auditTrailSb, responseType, params, session, account)) return;
                 } else {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("no account, this request will be validated through apikey(%s)/signature");
+                    if (LOGGER.isDebugEnabled()) {
+                        LOGGER.debug("no account, this request will be validated through apikey(%s)/signature");
                     }
                 }
 
@@ -330,8 +334,8 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                 CallContext.register(accountMgr.getSystemUser(), accountMgr.getSystemAccount());
             }
             setProjectContext(params);
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("verifying request for user %s from %s with %d parameters",
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("verifying request for user %s from %s with %d parameters",
                         userId, remoteAddress.getHostAddress(), params.size()));
             }
             if (apiServer.verifyRequest(params, userId, remoteAddress)) {
@@ -362,18 +366,34 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
             HttpUtils.writeHttpResponse(resp, serializedResponseText, se.getErrorCode().getHttpCode(), responseType, ApiServer.JSONcontentType.value());
             auditTrailSb.append(" " + se.getErrorCode() + " " + se.getDescription());
         } catch (final Exception ex) {
-            s_logger.error("unknown exception writing api response", ex);
+            LOGGER.error("unknown exception writing api response", ex);
             auditTrailSb.append(" unknown exception writing api response");
         } finally {
             s_accessLogger.info(auditTrailSb.toString());
-            if (s_logger.isDebugEnabled()) {
-                s_logger.debug("===END=== " + reqStr);
+            if (LOGGER.isDebugEnabled()) {
+                LOGGER.debug("===END=== " + reqStr);
             }
             // cleanup user context to prevent from being peeked in other request context
             CallContext.unregister();
         }
     }
 
+    public static String getApiSessionKeySameSite() {
+        ApiSessionKeySameSite sameSite = EnumUtils.getEnumIgnoreCase(ApiSessionKeySameSite.class,
+                ApiServer.ApiSessionKeyCookieSameSiteSetting.value(), ApiSessionKeySameSite.Lax);
+        switch (sameSite) {
+            case Strict:
+                return "SameSite=Strict";
+            case NoneAndSecure:
+                return "SameSite=None;Secure";
+            case Null:
+                return "";
+            case Lax:
+            default:
+                return "SameSite=Lax";
+        }
+    }
+
     private boolean checkIfAuthenticatorIsOf2FA(String command) {
         boolean verify2FA = false;
         APIAuthenticator apiAuthenticator = authManager.getAPIAuthenticator(command);
@@ -402,7 +422,7 @@ protected boolean skip2FAcheckForUser(HttpSession session) {
         Long userId = (Long) session.getAttribute("userid");
         boolean is2FAverified = (boolean) session.getAttribute(ApiConstants.IS_2FA_VERIFIED);
         if (is2FAverified) {
-            s_logger.debug(String.format("Two factor authentication is already verified for the user %d, so skipping", userId));
+            LOGGER.debug(String.format("Two factor authentication is already verified for the user %d, so skipping", userId));
             skip2FAcheck = true;
         } else {
             UserAccount userAccount = accountMgr.getUserAccountById(userId);
@@ -433,7 +453,7 @@ protected boolean verify2FA(HttpSession session, String command, StringBuilder a
                 HttpUtils.writeHttpResponse(resp, responseString, HttpServletResponse.SC_OK, responseType, ApiServer.JSONcontentType.value());
                 verify2FA = true;
             } else {
-                s_logger.error("Cannot find API authenticator while verifying 2FA");
+                LOGGER.error("Cannot find API authenticator while verifying 2FA");
                 auditTrailSb.append(" Cannot find API authenticator while verifying 2FA");
                 verify2FA = false;
             }
@@ -457,7 +477,7 @@ protected boolean verify2FA(HttpSession session, String command, StringBuilder a
                 errorMsg = "Two factor authentication is mandated by admin, user needs to setup 2FA using setupUserTwoFactorAuthentication API and" +
                         " then verify 2FA using validateUserTwoFactorAuthenticationCode API before calling other APIs. Existing session is invalidated.";
             }
-            s_logger.error(errorMsg);
+            LOGGER.error(errorMsg);
 
             invalidateHttpSession(session, String.format("Unable to process the API request for %s from %s due to %s", userId, remoteAddress.getHostAddress(), errorMsg));
             auditTrailSb.append(" " + ApiErrorCode.UNAUTHORIZED2FA + " " + errorMsg);
@@ -488,7 +508,7 @@ private String saveLogString(String stringToLog) {
     private boolean requestChecksoutAsSane(HttpServletResponse resp, StringBuilder auditTrailSb, String responseType, Map<String, Object[]> params, HttpSession session, String command, Long userId, String account, Object accountObj) {
         if ((userId != null) && (account != null) && (accountObj != null) && apiServer.verifyUser(userId)) {
             if (command == null) {
-                s_logger.info("missing command, ignoring request...");
+                LOGGER.info("missing command, ignoring request...");
                 auditTrailSb.append(" " + HttpServletResponse.SC_BAD_REQUEST + " " + "no command specified");
                 final String serializedResponse = apiServer.getSerializedApiError(HttpServletResponse.SC_BAD_REQUEST, "no command specified", params, responseType);
                 HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_BAD_REQUEST, responseType, ApiServer.JSONcontentType.value());
@@ -509,7 +529,9 @@ private boolean requestChecksoutAsSane(HttpServletResponse resp, StringBuilder a
     }
 
     private boolean invalidateHttpSessionIfNeeded(HttpServletRequest req, HttpServletResponse resp, StringBuilder auditTrailSb, String responseType, Map<String, Object[]> params, HttpSession session, String account) {
-        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
+        ApiSessionKeyCheckOption sessionKeyCheckOption = EnumUtils.getEnumIgnoreCase(ApiSessionKeyCheckOption.class,
+                ApiServer.ApiSessionKeyCheckLocations.value(), ApiSessionKeyCheckOption.CookieAndParameter);
+        if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY, sessionKeyCheckOption)) {
             String msg = String.format("invalidating session %s for account %s", session.getId(), account);
             invalidateHttpSession(session, msg);
             auditTrailSb.append(" " + HttpServletResponse.SC_UNAUTHORIZED + " " + "unable to verify user credentials");
@@ -523,13 +545,13 @@ private boolean invalidateHttpSessionIfNeeded(HttpServletRequest req, HttpServle
 
     public static void invalidateHttpSession(HttpSession session, String msg) {
         try {
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(msg);
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(msg);
             }
             session.invalidate();
         } catch (final IllegalStateException ise) {
-            if (s_logger.isTraceEnabled()) {
-                s_logger.trace(String.format("failed to invalidate session %s", session.getId()));
+            if (LOGGER.isTraceEnabled()) {
+                LOGGER.trace(String.format("failed to invalidate session %s", session.getId()));
             }
         }
     }
@@ -537,7 +559,7 @@ public static void invalidateHttpSession(HttpSession session, String msg) {
     private void setProjectContext(Map<String, Object[]> requestParameters) {
         final String[] command = (String[])requestParameters.get(ApiConstants.COMMAND);
         if (command == null) {
-            s_logger.info("missing command, ignoring request...");
+            LOGGER.info("missing command, ignoring request...");
             return;
         }
 
@@ -585,14 +607,14 @@ public InetAddress getClientAddress(final HttpServletRequest request) throws Unk
                     header = header.trim();
                     ip = getCorrectIPAddress(request.getHeader(header));
                     if (StringUtils.isNotBlank(ip)) {
-                        s_logger.debug(String.format("found ip %s in header %s ", ip, header));
+                        LOGGER.debug(String.format("found ip %s in header %s ", ip, header));
                         break;
                     }
                 } // no address found in header so ip is blank and use remote addr
             } // else not an allowed proxy address, ip is blank and use remote addr
         }
         if (StringUtils.isBlank(ip)) {
-            s_logger.trace(String.format("no ip found in headers, returning remote address %s.", pretender.getHostAddress()));
+            LOGGER.trace(String.format("no ip found in headers, returning remote address %s.", pretender.getHostAddress()));
             return pretender;
         }
 
diff --git a/test/integration/smoke/test_login.py b/test/integration/smoke/test_login.py
index 40d8349a13da..acd6c4334ac4 100644
--- a/test/integration/smoke/test_login.py
+++ b/test/integration/smoke/test_login.py
@@ -133,6 +133,7 @@ def login_test_saml_user(self):
             args["command"] = 'listUsers'
             args["listall"] = 'true'
             args["response"] = "json"
+            args["sessionkey"] = response.json()['loginresponse']['sessionkey']
             response = session.get(self.server_url, params=args)
             self.assertEqual(
                 response.status_code,
diff --git a/ui/src/api/index.js b/ui/src/api/index.js
index 144320107385..7ab87780a9d4 100644
--- a/ui/src/api/index.js
+++ b/ui/src/api/index.js
@@ -15,8 +15,13 @@
 // specific language governing permissions and limitations
 // under the License.
 
+import Cookies from 'js-cookie'
 import { axios, sourceToken } from '@/utils/request'
 import { message, notification } from 'ant-design-vue'
+import { vueProps } from '@/vue-app'
+import {
+  ACCESS_TOKEN
+} from '@/store/mutation-types'
 
 export function api (command, args = {}, method = 'GET', data = {}) {
   let params = {}
@@ -30,6 +35,11 @@ export function api (command, args = {}, method = 'GET', data = {}) {
     })
   }
 
+  const sessionkey = vueProps.$localStorage.get(ACCESS_TOKEN) || Cookies.get('sessionkey')
+  if (sessionkey) {
+    args.sessionkey = sessionkey
+  }
+
   return axios({
     params: {
       ...args
diff --git a/ui/src/store/modules/user.js b/ui/src/store/modules/user.js
index 08a0c340c642..46a1905619f9 100644
--- a/ui/src/store/modules/user.js
+++ b/ui/src/store/modules/user.js
@@ -24,7 +24,6 @@ import router from '@/router'
 import store from '@/store'
 import { oauthlogin, login, logout, api } from '@/api'
 import { i18n } from '@/locales'
-import { sourceToken } from '@/utils/request'
 
 import {
   ACCESS_TOKEN,
diff --git a/utils/src/main/java/com/cloud/utils/HttpUtils.java b/utils/src/main/java/com/cloud/utils/HttpUtils.java
index a5d9f6a16b67..cc97bf4ba151 100644
--- a/utils/src/main/java/com/cloud/utils/HttpUtils.java
+++ b/utils/src/main/java/com/cloud/utils/HttpUtils.java
@@ -37,6 +37,14 @@ public class HttpUtils {
     public static final String JSON_CONTENT_TYPE = "application/json; charset=UTF-8";
     public static final String XML_CONTENT_TYPE = "text/xml; charset=UTF-8";
 
+    public enum ApiSessionKeySameSite {
+        Lax, Strict, NoneAndSecure, Null
+    }
+
+    public enum ApiSessionKeyCheckOption {
+        CookieOrParameter, ParameterOnly, CookieAndParameter
+    }
+
     public static void addSecurityHeaders(final HttpServletResponse resp) {
         if (resp.containsHeader("X-Content-Type-Options")) {
             resp.setHeader("X-Content-Type-Options", "nosniff");
@@ -103,23 +111,43 @@ public static String findCookie(final Cookie[] cookies, final String key) {
         return null;
     }
 
-    public static boolean validateSessionKey(final HttpSession session, final Map<String, Object[]> params, final Cookie[] cookies, final String sessionKeyString) {
+    public static boolean validateSessionKey(final HttpSession session, final Map<String, Object[]> params, final Cookie[] cookies, final String sessionKeyString, final ApiSessionKeyCheckOption apiSessionKeyCheckLocations) {
         if (session == null || sessionKeyString == null) {
             return false;
         }
+        final String jsessionidFromCookie = HttpUtils.findCookie(cookies, "JSESSIONID");
+        if (jsessionidFromCookie == null
+                || !(jsessionidFromCookie.startsWith(session.getId() + '.'))) {
+            s_logger.error("JSESSIONID from cookie is invalid.");
+            return false;
+        }
         final String sessionKey = (String) session.getAttribute(sessionKeyString);
+        if (sessionKey == null) {
+            s_logger.error("sessionkey attribute of the session is null.");
+            return false;
+        }
         final String sessionKeyFromCookie = HttpUtils.findCookie(cookies, sessionKeyString);
+        boolean isSessionKeyFromCookieValid = sessionKeyFromCookie != null && sessionKey.equals(sessionKeyFromCookie);
+
         String[] sessionKeyFromParams = null;
         if (params != null) {
             sessionKeyFromParams = (String[]) params.get(sessionKeyString);
         }
-        if ((sessionKey == null)
-                || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
-                || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
-                || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie))) {
-            return false;
+        boolean isSessionKeyFromParamsValid = sessionKeyFromParams != null && sessionKey.equals(sessionKeyFromParams[0]);
+
+        switch (apiSessionKeyCheckLocations) {
+            case CookieOrParameter:
+                return (sessionKeyFromCookie != null || sessionKeyFromParams != null)
+                        && (sessionKeyFromCookie == null || isSessionKeyFromCookieValid)
+                        && (sessionKeyFromParams == null || isSessionKeyFromParamsValid);
+            case ParameterOnly:
+                return sessionKeyFromParams != null && isSessionKeyFromParamsValid
+                        && (sessionKeyFromCookie == null || isSessionKeyFromCookieValid);
+            case CookieAndParameter:
+            default:
+                return sessionKeyFromCookie != null && isSessionKeyFromCookieValid
+                        && sessionKeyFromParams != null && isSessionKeyFromParamsValid;
         }
-        return true;
     }
 
 }
diff --git a/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java b/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
index e10a5a36b279..e94724ce3d63 100644
--- a/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
@@ -60,35 +60,97 @@ public void validateSessionKeyTest() {
         final String sessionKeyValue = "randomUniqueSessionID";
 
         // session and sessionKeyString null test
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         sessionKeyString =  "sessionkey";
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // param and cookie null test
         session = new MockHttpSession();
+        final String sessionId = session.getId();
         session.setAttribute(sessionKeyString, sessionKeyValue);
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
-        // param null, cookies not null test
+        // param null, cookies not null test (JSESSIONID is null)
         params = null;
         cookies = new Cookie[]{new Cookie(sessionKeyString, sessionKeyValue)};
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString"));
-        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // param null, cookies not null test (JSESSIONID is not null and matches)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // param null, cookies not null test (JSESSIONID is not null but mismatches)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", "node0xxxxxxxxxxxxx.node0");
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // param not null, cookies null test
         params = new HashMap<String, Object[]>();
         params.put(sessionKeyString, new String[]{"randomString"});
         cookies = null;
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
-        // both param and cookies not null test
+        // both param and cookies not null test (JSESSIONID is null)
         params = new HashMap<String, Object[]>();
-        cookies = new Cookie[]{new Cookie(sessionKeyString, sessionKeyValue)};
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
         params.put(sessionKeyString, new String[]{"incorrectValue"});
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // both param and cookies not null test (JSESSIONID is not null but mismatches)
+        params = new HashMap<String, Object[]>();
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", "node0xxxxxxxxxxxxx.node0");
+        params.put(sessionKeyString, new String[]{"incorrectValue"});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        params.put(sessionKeyString, new String[]{sessionKeyValue});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // both param and cookies not null test (JSESSIONID is not null amd matches)
+        params = new HashMap<String, Object[]>();
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        params.put(sessionKeyString, new String[]{"incorrectValue"});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        params.put(sessionKeyString, new String[]{sessionKeyValue});
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+
+        // param not null, cookies null test (JSESSIONID is not null amd matches)
+        params = new HashMap<String, Object[]>();
+        cookies = new Cookie[1];
+        cookies[0] = new Cookie("JSESSIONID", sessionId + ".node0");
+        params.put(sessionKeyString, new String[]{"incorrectValue"});
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
+        params.put(sessionKeyString, new String[]{sessionKeyValue});
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
+
+        // param not null (correct), cookies not null test (correct)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, sessionKeyValue);
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
+
+        // param not null (correct), cookies not null test (wrong)
+        cookies = new Cookie[2];
+        cookies[0] = new Cookie(sessionKeyString, "incorrectValue");
+        cookies[1] = new Cookie("JSESSIONID", sessionId + ".node0");
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.ParameterOnly));
+        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieAndParameter));
     }
 }

From b3f9824be1efffd12ca648748dc59e37f2a0e60f Mon Sep 17 00:00:00 2001
From: Daniel Augusto Veronezi Salvador <gutoveronezi@apache.org>
Date: Tue, 17 Sep 2024 16:08:23 -0300
Subject: [PATCH 19/24] Fix Vue devServer after CSRF fix

---
 ui/vue.config.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ui/vue.config.js b/ui/vue.config.js
index c74218b4bcff..9cae2ff66fb1 100644
--- a/ui/vue.config.js
+++ b/ui/vue.config.js
@@ -142,7 +142,11 @@ const vueConfig = {
         secure: false,
         ws: false,
         changeOrigin: true,
-        proxyTimeout: 10 * 60 * 1000 // 10 minutes
+        proxyTimeout: 10 * 60 * 1000, // 10 minutes
+        cookieDomainRewrite: '*',
+        cookiePathRewrite: {
+          '/client': '/'
+        }
       }
     },
     https: process.env.HTTPS_KEY ? {

From 18fe4226cecc930ec0b39c43e5b63a48c17c2ad4 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Fri, 4 Oct 2024 11:18:01 +0200
Subject: [PATCH 20/24] Updating pom.xml version numbers for release 4.19.1.2

Signed-off-by: Daan Hoogland <daan@onecht.net>
---
 agent/pom.xml                                               | 2 +-
 api/pom.xml                                                 | 2 +-
 client/pom.xml                                              | 2 +-
 core/pom.xml                                                | 2 +-
 debian/changelog                                            | 6 ++++++
 developer/pom.xml                                           | 2 +-
 engine/api/pom.xml                                          | 2 +-
 engine/components-api/pom.xml                               | 2 +-
 engine/orchestration/pom.xml                                | 2 +-
 engine/pom.xml                                              | 2 +-
 engine/schema/pom.xml                                       | 2 +-
 engine/service/pom.xml                                      | 2 +-
 engine/storage/cache/pom.xml                                | 2 +-
 engine/storage/configdrive/pom.xml                          | 2 +-
 engine/storage/datamotion/pom.xml                           | 2 +-
 engine/storage/image/pom.xml                                | 2 +-
 engine/storage/integration-test/pom.xml                     | 2 +-
 engine/storage/object/pom.xml                               | 2 +-
 engine/storage/pom.xml                                      | 2 +-
 engine/storage/snapshot/pom.xml                             | 2 +-
 engine/storage/volume/pom.xml                               | 2 +-
 engine/userdata/cloud-init/pom.xml                          | 2 +-
 engine/userdata/pom.xml                                     | 2 +-
 framework/agent-lb/pom.xml                                  | 2 +-
 framework/ca/pom.xml                                        | 2 +-
 framework/cluster/pom.xml                                   | 2 +-
 framework/config/pom.xml                                    | 2 +-
 framework/db/pom.xml                                        | 2 +-
 framework/direct-download/pom.xml                           | 2 +-
 framework/events/pom.xml                                    | 2 +-
 framework/ipc/pom.xml                                       | 2 +-
 framework/jobs/pom.xml                                      | 2 +-
 framework/managed-context/pom.xml                           | 2 +-
 framework/pom.xml                                           | 2 +-
 framework/quota/pom.xml                                     | 2 +-
 framework/rest/pom.xml                                      | 2 +-
 framework/security/pom.xml                                  | 2 +-
 framework/spring/lifecycle/pom.xml                          | 2 +-
 framework/spring/module/pom.xml                             | 2 +-
 plugins/acl/dynamic-role-based/pom.xml                      | 2 +-
 plugins/acl/project-role-based/pom.xml                      | 2 +-
 plugins/acl/static-role-based/pom.xml                       | 2 +-
 .../affinity-group-processors/explicit-dedication/pom.xml   | 2 +-
 plugins/affinity-group-processors/host-affinity/pom.xml     | 2 +-
 .../affinity-group-processors/host-anti-affinity/pom.xml    | 2 +-
 .../non-strict-host-affinity/pom.xml                        | 2 +-
 .../non-strict-host-anti-affinity/pom.xml                   | 2 +-
 plugins/alert-handlers/snmp-alerts/pom.xml                  | 2 +-
 plugins/alert-handlers/syslog-alerts/pom.xml                | 2 +-
 plugins/api/discovery/pom.xml                               | 2 +-
 plugins/api/rate-limit/pom.xml                              | 2 +-
 plugins/api/solidfire-intg-test/pom.xml                     | 2 +-
 plugins/api/vmware-sioc/pom.xml                             | 2 +-
 plugins/backup/dummy/pom.xml                                | 2 +-
 plugins/backup/networker/pom.xml                            | 2 +-
 plugins/backup/veeam/pom.xml                                | 2 +-
 plugins/ca/root-ca/pom.xml                                  | 2 +-
 plugins/database/mysql-ha/pom.xml                           | 2 +-
 plugins/database/quota/pom.xml                              | 2 +-
 plugins/dedicated-resources/pom.xml                         | 2 +-
 plugins/deployment-planners/implicit-dedication/pom.xml     | 2 +-
 plugins/deployment-planners/user-concentrated-pod/pom.xml   | 2 +-
 plugins/deployment-planners/user-dispersing/pom.xml         | 2 +-
 plugins/drs/cluster/balanced/pom.xml                        | 2 +-
 plugins/drs/cluster/condensed/pom.xml                       | 2 +-
 plugins/event-bus/inmemory/pom.xml                          | 2 +-
 plugins/event-bus/kafka/pom.xml                             | 2 +-
 plugins/event-bus/rabbitmq/pom.xml                          | 2 +-
 plugins/ha-planners/skip-heurestics/pom.xml                 | 2 +-
 plugins/host-allocators/random/pom.xml                      | 2 +-
 plugins/hypervisors/baremetal/pom.xml                       | 2 +-
 plugins/hypervisors/hyperv/pom.xml                          | 2 +-
 plugins/hypervisors/kvm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm/pom.xml                             | 2 +-
 plugins/hypervisors/ovm3/pom.xml                            | 2 +-
 plugins/hypervisors/simulator/pom.xml                       | 2 +-
 plugins/hypervisors/ucs/pom.xml                             | 2 +-
 plugins/hypervisors/vmware/pom.xml                          | 2 +-
 plugins/hypervisors/xenserver/pom.xml                       | 2 +-
 plugins/integrations/cloudian/pom.xml                       | 2 +-
 plugins/integrations/kubernetes-service/pom.xml             | 2 +-
 plugins/integrations/prometheus/pom.xml                     | 2 +-
 plugins/metrics/pom.xml                                     | 2 +-
 plugins/network-elements/bigswitch/pom.xml                  | 2 +-
 plugins/network-elements/brocade-vcs/pom.xml                | 2 +-
 plugins/network-elements/cisco-vnmc/pom.xml                 | 2 +-
 plugins/network-elements/dns-notifier/pom.xml               | 2 +-
 plugins/network-elements/elastic-loadbalancer/pom.xml       | 2 +-
 plugins/network-elements/globodns/pom.xml                   | 2 +-
 plugins/network-elements/internal-loadbalancer/pom.xml      | 2 +-
 plugins/network-elements/juniper-contrail/pom.xml           | 2 +-
 plugins/network-elements/netscaler/pom.xml                  | 2 +-
 plugins/network-elements/nicira-nvp/pom.xml                 | 2 +-
 plugins/network-elements/opendaylight/pom.xml               | 2 +-
 plugins/network-elements/ovs/pom.xml                        | 2 +-
 plugins/network-elements/palo-alto/pom.xml                  | 2 +-
 plugins/network-elements/stratosphere-ssp/pom.xml           | 2 +-
 plugins/network-elements/tungsten/pom.xml                   | 2 +-
 plugins/network-elements/vxlan/pom.xml                      | 2 +-
 plugins/outofbandmanagement-drivers/ipmitool/pom.xml        | 2 +-
 .../outofbandmanagement-drivers/nested-cloudstack/pom.xml   | 2 +-
 plugins/outofbandmanagement-drivers/redfish/pom.xml         | 2 +-
 plugins/pom.xml                                             | 2 +-
 plugins/shutdown/pom.xml                                    | 2 +-
 plugins/storage-allocators/random/pom.xml                   | 2 +-
 plugins/storage/image/default/pom.xml                       | 2 +-
 plugins/storage/image/s3/pom.xml                            | 2 +-
 plugins/storage/image/sample/pom.xml                        | 2 +-
 plugins/storage/image/swift/pom.xml                         | 2 +-
 plugins/storage/object/minio/pom.xml                        | 2 +-
 plugins/storage/object/simulator/pom.xml                    | 2 +-
 plugins/storage/volume/adaptive/pom.xml                     | 2 +-
 plugins/storage/volume/cloudbyte/pom.xml                    | 2 +-
 plugins/storage/volume/datera/pom.xml                       | 2 +-
 plugins/storage/volume/default/pom.xml                      | 2 +-
 plugins/storage/volume/flasharray/pom.xml                   | 2 +-
 plugins/storage/volume/linstor/pom.xml                      | 2 +-
 plugins/storage/volume/nexenta/pom.xml                      | 2 +-
 plugins/storage/volume/primera/pom.xml                      | 2 +-
 plugins/storage/volume/sample/pom.xml                       | 2 +-
 plugins/storage/volume/scaleio/pom.xml                      | 2 +-
 plugins/storage/volume/solidfire/pom.xml                    | 2 +-
 plugins/storage/volume/storpool/pom.xml                     | 2 +-
 plugins/user-authenticators/ldap/pom.xml                    | 2 +-
 plugins/user-authenticators/md5/pom.xml                     | 2 +-
 plugins/user-authenticators/oauth2/pom.xml                  | 2 +-
 plugins/user-authenticators/pbkdf2/pom.xml                  | 2 +-
 plugins/user-authenticators/plain-text/pom.xml              | 2 +-
 plugins/user-authenticators/saml2/pom.xml                   | 2 +-
 plugins/user-authenticators/sha256salted/pom.xml            | 2 +-
 plugins/user-two-factor-authenticators/static-pin/pom.xml   | 2 +-
 plugins/user-two-factor-authenticators/totp/pom.xml         | 2 +-
 pom.xml                                                     | 2 +-
 quickcloud/pom.xml                                          | 2 +-
 server/pom.xml                                              | 2 +-
 services/console-proxy/pom.xml                              | 2 +-
 services/console-proxy/rdpconsole/pom.xml                   | 2 +-
 services/console-proxy/server/pom.xml                       | 2 +-
 services/pom.xml                                            | 2 +-
 services/secondary-storage/controller/pom.xml               | 2 +-
 services/secondary-storage/pom.xml                          | 2 +-
 services/secondary-storage/server/pom.xml                   | 2 +-
 systemvm/pom.xml                                            | 2 +-
 test/pom.xml                                                | 2 +-
 tools/apidoc/pom.xml                                        | 2 +-
 tools/checkstyle/pom.xml                                    | 2 +-
 tools/devcloud-kvm/pom.xml                                  | 2 +-
 tools/devcloud4/pom.xml                                     | 2 +-
 tools/marvin/pom.xml                                        | 2 +-
 tools/pom.xml                                               | 2 +-
 usage/pom.xml                                               | 2 +-
 utils/pom.xml                                               | 2 +-
 vmware-base/pom.xml                                         | 2 +-
 153 files changed, 158 insertions(+), 152 deletions(-)

diff --git a/agent/pom.xml b/agent/pom.xml
index 25c032abf140..b25d246bd914 100644
--- a/agent/pom.xml
+++ b/agent/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/api/pom.xml b/api/pom.xml
index cdb4e802c2b6..2daba5d20571 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/client/pom.xml b/client/pom.xml
index b50a5197bd9e..0a098c00fbbb 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <repositories>
         <repository>
diff --git a/core/pom.xml b/core/pom.xml
index 31200bcadcd2..e3b514e27701 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/debian/changelog b/debian/changelog
index d6ac588cba6c..524c38910916 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloudstack (4.19.1.2) unstable; urgency=low
+
+  * Update the version to 4.19.1.2
+
+ -- the Apache CloudStack project <dev@cloudstack.apache.org>  Fri, 04 Oct 2024 11:18:01 +0200
+
 cloudstack (4.19.1.1) unstable; urgency=low
 
   * Update the version to 4.19.1.1
diff --git a/developer/pom.xml b/developer/pom.xml
index 6cb64ff1feac..25174bfeb257 100644
--- a/developer/pom.xml
+++ b/developer/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/engine/api/pom.xml b/engine/api/pom.xml
index 4ebed0e00be3..2654a2ed8d7d 100644
--- a/engine/api/pom.xml
+++ b/engine/api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/components-api/pom.xml b/engine/components-api/pom.xml
index de5afd58ff02..651b789dc98a 100644
--- a/engine/components-api/pom.xml
+++ b/engine/components-api/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/orchestration/pom.xml b/engine/orchestration/pom.xml
index f0ab03017d30..dd4bc8aa5105 100755
--- a/engine/orchestration/pom.xml
+++ b/engine/orchestration/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/pom.xml b/engine/pom.xml
index eeb19798ec16..3720b4d08b60 100644
--- a/engine/pom.xml
+++ b/engine/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index 4d144ae8d914..04de8a07f88b 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/service/pom.xml b/engine/service/pom.xml
index acfedb5bd06a..ba090f2c5b96 100644
--- a/engine/service/pom.xml
+++ b/engine/service/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <artifactId>cloud-engine-service</artifactId>
     <packaging>war</packaging>
diff --git a/engine/storage/cache/pom.xml b/engine/storage/cache/pom.xml
index be1131d3bfee..773fca373afc 100644
--- a/engine/storage/cache/pom.xml
+++ b/engine/storage/cache/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/configdrive/pom.xml b/engine/storage/configdrive/pom.xml
index 1071fe5ea1a9..ddf2bffc1830 100644
--- a/engine/storage/configdrive/pom.xml
+++ b/engine/storage/configdrive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/datamotion/pom.xml b/engine/storage/datamotion/pom.xml
index cbb9c66f6e8f..6f4a06473f3b 100644
--- a/engine/storage/datamotion/pom.xml
+++ b/engine/storage/datamotion/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/image/pom.xml b/engine/storage/image/pom.xml
index ff4afad22958..0658effcd508 100644
--- a/engine/storage/image/pom.xml
+++ b/engine/storage/image/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/integration-test/pom.xml b/engine/storage/integration-test/pom.xml
index 1e1d52974885..21a24397985e 100644
--- a/engine/storage/integration-test/pom.xml
+++ b/engine/storage/integration-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/object/pom.xml b/engine/storage/object/pom.xml
index 9d4982af5061..15e0639b031a 100644
--- a/engine/storage/object/pom.xml
+++ b/engine/storage/object/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/pom.xml b/engine/storage/pom.xml
index c98cfe4d297e..ae5883aa68de 100644
--- a/engine/storage/pom.xml
+++ b/engine/storage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/snapshot/pom.xml b/engine/storage/snapshot/pom.xml
index d56fc91c85d1..baa581bfc1fd 100644
--- a/engine/storage/snapshot/pom.xml
+++ b/engine/storage/snapshot/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/storage/volume/pom.xml b/engine/storage/volume/pom.xml
index 25f81e9f9260..4d1b634461cb 100644
--- a/engine/storage/volume/pom.xml
+++ b/engine/storage/volume/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/engine/userdata/cloud-init/pom.xml b/engine/userdata/cloud-init/pom.xml
index 9c2f92d411af..ece4cad7bf7a 100644
--- a/engine/userdata/cloud-init/pom.xml
+++ b/engine/userdata/cloud-init/pom.xml
@@ -23,7 +23,7 @@
 <parent>
     <artifactId>cloud-engine</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.19.1.1</version>
+    <version>4.19.1.2</version>
     <relativePath>../../pom.xml</relativePath>
 </parent>
 <dependencies>
diff --git a/engine/userdata/pom.xml b/engine/userdata/pom.xml
index 352a68738b75..77a24f3aa66a 100644
--- a/engine/userdata/pom.xml
+++ b/engine/userdata/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-engine</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/agent-lb/pom.xml b/framework/agent-lb/pom.xml
index a65e24e22809..c728ccf6e2ea 100644
--- a/framework/agent-lb/pom.xml
+++ b/framework/agent-lb/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/ca/pom.xml b/framework/ca/pom.xml
index e05c55ee65c8..7799d1ff2629 100644
--- a/framework/ca/pom.xml
+++ b/framework/ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/cluster/pom.xml b/framework/cluster/pom.xml
index 1dc046cd63fa..b3dbc32eda12 100644
--- a/framework/cluster/pom.xml
+++ b/framework/cluster/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/config/pom.xml b/framework/config/pom.xml
index 4f30a6ed2ba7..e1da4732f7fc 100644
--- a/framework/config/pom.xml
+++ b/framework/config/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/db/pom.xml b/framework/db/pom.xml
index cc6b82787f3d..2dbe24352e70 100644
--- a/framework/db/pom.xml
+++ b/framework/db/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/direct-download/pom.xml b/framework/direct-download/pom.xml
index 0bdefa91a4d7..a21e3e99b6f3 100644
--- a/framework/direct-download/pom.xml
+++ b/framework/direct-download/pom.xml
@@ -32,7 +32,7 @@
     <parent>
         <artifactId>cloudstack-framework</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/framework/events/pom.xml b/framework/events/pom.xml
index 73219ac1ec2b..58b68cf4fb7e 100644
--- a/framework/events/pom.xml
+++ b/framework/events/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/ipc/pom.xml b/framework/ipc/pom.xml
index b9010371438c..bc8cf2501e67 100644
--- a/framework/ipc/pom.xml
+++ b/framework/ipc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/jobs/pom.xml b/framework/jobs/pom.xml
index 93690fd15053..de1cd1e79a45 100644
--- a/framework/jobs/pom.xml
+++ b/framework/jobs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/managed-context/pom.xml b/framework/managed-context/pom.xml
index d40ed883df1f..9d14e7aa53ef 100644
--- a/framework/managed-context/pom.xml
+++ b/framework/managed-context/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/pom.xml b/framework/pom.xml
index 7b8bf9f72ec9..ab7935d28983 100644
--- a/framework/pom.xml
+++ b/framework/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <build>
         <plugins>
diff --git a/framework/quota/pom.xml b/framework/quota/pom.xml
index d4a325e94bcf..cbc018804264 100644
--- a/framework/quota/pom.xml
+++ b/framework/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/rest/pom.xml b/framework/rest/pom.xml
index 0119e20a2fd3..ca5d9c39beb9 100644
--- a/framework/rest/pom.xml
+++ b/framework/rest/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-framework-rest</artifactId>
diff --git a/framework/security/pom.xml b/framework/security/pom.xml
index 80d596d7407e..d565e153e5e2 100644
--- a/framework/security/pom.xml
+++ b/framework/security/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-framework</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/lifecycle/pom.xml b/framework/spring/lifecycle/pom.xml
index 673d93189079..27e6940a77b9 100644
--- a/framework/spring/lifecycle/pom.xml
+++ b/framework/spring/lifecycle/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/framework/spring/module/pom.xml b/framework/spring/module/pom.xml
index 2174116feb75..ed3668a4b9e6 100644
--- a/framework/spring/module/pom.xml
+++ b/framework/spring/module/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/acl/dynamic-role-based/pom.xml b/plugins/acl/dynamic-role-based/pom.xml
index 1bad1036409b..3e454a680a4d 100644
--- a/plugins/acl/dynamic-role-based/pom.xml
+++ b/plugins/acl/dynamic-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/project-role-based/pom.xml b/plugins/acl/project-role-based/pom.xml
index 3313467ac29c..29160f41d21b 100644
--- a/plugins/acl/project-role-based/pom.xml
+++ b/plugins/acl/project-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/acl/static-role-based/pom.xml b/plugins/acl/static-role-based/pom.xml
index 93f80b7c6dcd..75f9e3d44c72 100644
--- a/plugins/acl/static-role-based/pom.xml
+++ b/plugins/acl/static-role-based/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/explicit-dedication/pom.xml b/plugins/affinity-group-processors/explicit-dedication/pom.xml
index aaea68314a1c..364552748e18 100644
--- a/plugins/affinity-group-processors/explicit-dedication/pom.xml
+++ b/plugins/affinity-group-processors/explicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-affinity/pom.xml b/plugins/affinity-group-processors/host-affinity/pom.xml
index fd4dc6213953..8ffc7757589a 100644
--- a/plugins/affinity-group-processors/host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/host-anti-affinity/pom.xml b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
index fe586e3eeffa..e2fd70070300 100644
--- a/plugins/affinity-group-processors/host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/host-anti-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
index 344d57f9a4d4..1ac2b32d0c8f 100644
--- a/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-affinity/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
index cd86ae881175..87a53f5b82aa 100644
--- a/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
+++ b/plugins/affinity-group-processors/non-strict-host-anti-affinity/pom.xml
@@ -32,7 +32,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/alert-handlers/snmp-alerts/pom.xml b/plugins/alert-handlers/snmp-alerts/pom.xml
index b1353e743b65..da2ff6e77595 100644
--- a/plugins/alert-handlers/snmp-alerts/pom.xml
+++ b/plugins/alert-handlers/snmp-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/alert-handlers/syslog-alerts/pom.xml b/plugins/alert-handlers/syslog-alerts/pom.xml
index 0c3976cc811b..f6214e0e8c83 100644
--- a/plugins/alert-handlers/syslog-alerts/pom.xml
+++ b/plugins/alert-handlers/syslog-alerts/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/discovery/pom.xml b/plugins/api/discovery/pom.xml
index 088acb6523d1..3d5db00370d5 100644
--- a/plugins/api/discovery/pom.xml
+++ b/plugins/api/discovery/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/rate-limit/pom.xml b/plugins/api/rate-limit/pom.xml
index 4bddd771c0a7..74651b9cc022 100644
--- a/plugins/api/rate-limit/pom.xml
+++ b/plugins/api/rate-limit/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/api/solidfire-intg-test/pom.xml b/plugins/api/solidfire-intg-test/pom.xml
index c7e8cb677f5e..ef86ad28aa45 100644
--- a/plugins/api/solidfire-intg-test/pom.xml
+++ b/plugins/api/solidfire-intg-test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/api/vmware-sioc/pom.xml b/plugins/api/vmware-sioc/pom.xml
index 1138903aea56..a9c4f5b2fbf4 100644
--- a/plugins/api/vmware-sioc/pom.xml
+++ b/plugins/api/vmware-sioc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/dummy/pom.xml b/plugins/backup/dummy/pom.xml
index 9c0f783f65ab..37e23578a8e7 100644
--- a/plugins/backup/dummy/pom.xml
+++ b/plugins/backup/dummy/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/networker/pom.xml b/plugins/backup/networker/pom.xml
index 43a229a0cc25..bef73c3b1139 100644
--- a/plugins/backup/networker/pom.xml
+++ b/plugins/backup/networker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>cloudstack-plugins</artifactId>
         <groupId>org.apache.cloudstack</groupId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/backup/veeam/pom.xml b/plugins/backup/veeam/pom.xml
index 6e3484e447e0..50af6e2a8f2c 100644
--- a/plugins/backup/veeam/pom.xml
+++ b/plugins/backup/veeam/pom.xml
@@ -23,7 +23,7 @@
   <parent>
     <artifactId>cloudstack-plugins</artifactId>
     <groupId>org.apache.cloudstack</groupId>
-    <version>4.19.1.1</version>
+    <version>4.19.1.2</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
 
diff --git a/plugins/ca/root-ca/pom.xml b/plugins/ca/root-ca/pom.xml
index 749da5566eab..ed848716370e 100644
--- a/plugins/ca/root-ca/pom.xml
+++ b/plugins/ca/root-ca/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/mysql-ha/pom.xml b/plugins/database/mysql-ha/pom.xml
index 875a44fc5425..f092b09ce1a1 100644
--- a/plugins/database/mysql-ha/pom.xml
+++ b/plugins/database/mysql-ha/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/database/quota/pom.xml b/plugins/database/quota/pom.xml
index 2f3410af2f7e..d5bc0d67f41b 100644
--- a/plugins/database/quota/pom.xml
+++ b/plugins/database/quota/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/dedicated-resources/pom.xml b/plugins/dedicated-resources/pom.xml
index 4a917c4a7f11..3932a619af56 100644
--- a/plugins/dedicated-resources/pom.xml
+++ b/plugins/dedicated-resources/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/implicit-dedication/pom.xml b/plugins/deployment-planners/implicit-dedication/pom.xml
index cbd530a15da4..d99e8baec991 100644
--- a/plugins/deployment-planners/implicit-dedication/pom.xml
+++ b/plugins/deployment-planners/implicit-dedication/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-concentrated-pod/pom.xml b/plugins/deployment-planners/user-concentrated-pod/pom.xml
index 065fe546b061..231591a9dac6 100644
--- a/plugins/deployment-planners/user-concentrated-pod/pom.xml
+++ b/plugins/deployment-planners/user-concentrated-pod/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/deployment-planners/user-dispersing/pom.xml b/plugins/deployment-planners/user-dispersing/pom.xml
index deb6b51231a5..cafc155acad6 100644
--- a/plugins/deployment-planners/user-dispersing/pom.xml
+++ b/plugins/deployment-planners/user-dispersing/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/drs/cluster/balanced/pom.xml b/plugins/drs/cluster/balanced/pom.xml
index 3aa5ed0467f3..18970478c8b9 100644
--- a/plugins/drs/cluster/balanced/pom.xml
+++ b/plugins/drs/cluster/balanced/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/drs/cluster/condensed/pom.xml b/plugins/drs/cluster/condensed/pom.xml
index 094f75058d79..b353db228f6d 100644
--- a/plugins/drs/cluster/condensed/pom.xml
+++ b/plugins/drs/cluster/condensed/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/event-bus/inmemory/pom.xml b/plugins/event-bus/inmemory/pom.xml
index 7b107eef6017..58d84ea1a204 100644
--- a/plugins/event-bus/inmemory/pom.xml
+++ b/plugins/event-bus/inmemory/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/kafka/pom.xml b/plugins/event-bus/kafka/pom.xml
index f76693d27027..05a5a1f8c3dc 100644
--- a/plugins/event-bus/kafka/pom.xml
+++ b/plugins/event-bus/kafka/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/event-bus/rabbitmq/pom.xml b/plugins/event-bus/rabbitmq/pom.xml
index e3e2d22f5063..9306626672e9 100644
--- a/plugins/event-bus/rabbitmq/pom.xml
+++ b/plugins/event-bus/rabbitmq/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/ha-planners/skip-heurestics/pom.xml b/plugins/ha-planners/skip-heurestics/pom.xml
index 54f753e19d10..1286be1092da 100644
--- a/plugins/ha-planners/skip-heurestics/pom.xml
+++ b/plugins/ha-planners/skip-heurestics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/host-allocators/random/pom.xml b/plugins/host-allocators/random/pom.xml
index 71cecd962505..1aff16f0c4c2 100644
--- a/plugins/host-allocators/random/pom.xml
+++ b/plugins/host-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/hypervisors/baremetal/pom.xml b/plugins/hypervisors/baremetal/pom.xml
index 7e595ee8fbd4..dc121da0b7eb 100755
--- a/plugins/hypervisors/baremetal/pom.xml
+++ b/plugins/hypervisors/baremetal/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-baremetal</artifactId>
diff --git a/plugins/hypervisors/hyperv/pom.xml b/plugins/hypervisors/hyperv/pom.xml
index e458f42002f9..642c5a202f71 100644
--- a/plugins/hypervisors/hyperv/pom.xml
+++ b/plugins/hypervisors/hyperv/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/plugins/hypervisors/kvm/pom.xml b/plugins/hypervisors/kvm/pom.xml
index 8772e2067f7a..7db4f6e10ef3 100644
--- a/plugins/hypervisors/kvm/pom.xml
+++ b/plugins/hypervisors/kvm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm/pom.xml b/plugins/hypervisors/ovm/pom.xml
index 071da377e8f5..4afc662c391b 100644
--- a/plugins/hypervisors/ovm/pom.xml
+++ b/plugins/hypervisors/ovm/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/ovm3/pom.xml b/plugins/hypervisors/ovm3/pom.xml
index 93bed50f557b..cd78cbea4a01 100644
--- a/plugins/hypervisors/ovm3/pom.xml
+++ b/plugins/hypervisors/ovm3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/simulator/pom.xml b/plugins/hypervisors/simulator/pom.xml
index fb6d76360c79..5d5f0f706ed2 100644
--- a/plugins/hypervisors/simulator/pom.xml
+++ b/plugins/hypervisors/simulator/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-simulator</artifactId>
diff --git a/plugins/hypervisors/ucs/pom.xml b/plugins/hypervisors/ucs/pom.xml
index 715ff0badff1..13a7cb2f01fd 100644
--- a/plugins/hypervisors/ucs/pom.xml
+++ b/plugins/hypervisors/ucs/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-hypervisor-ucs</artifactId>
diff --git a/plugins/hypervisors/vmware/pom.xml b/plugins/hypervisors/vmware/pom.xml
index b8889cbffec1..7afb28906825 100644
--- a/plugins/hypervisors/vmware/pom.xml
+++ b/plugins/hypervisors/vmware/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/hypervisors/xenserver/pom.xml b/plugins/hypervisors/xenserver/pom.xml
index 5e2006203380..cd63fc3a0181 100644
--- a/plugins/hypervisors/xenserver/pom.xml
+++ b/plugins/hypervisors/xenserver/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/cloudian/pom.xml b/plugins/integrations/cloudian/pom.xml
index 901acb7abc76..812aa06034ef 100644
--- a/plugins/integrations/cloudian/pom.xml
+++ b/plugins/integrations/cloudian/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/kubernetes-service/pom.xml b/plugins/integrations/kubernetes-service/pom.xml
index bc6d3adfdfb2..41afdcc1448f 100644
--- a/plugins/integrations/kubernetes-service/pom.xml
+++ b/plugins/integrations/kubernetes-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/integrations/prometheus/pom.xml b/plugins/integrations/prometheus/pom.xml
index f9cad05ac6ef..edf42a1ec892 100644
--- a/plugins/integrations/prometheus/pom.xml
+++ b/plugins/integrations/prometheus/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/metrics/pom.xml b/plugins/metrics/pom.xml
index ac8fbe9e8154..690820fa401e 100644
--- a/plugins/metrics/pom.xml
+++ b/plugins/metrics/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/bigswitch/pom.xml b/plugins/network-elements/bigswitch/pom.xml
index 88c661a906da..9cb94602f8ac 100644
--- a/plugins/network-elements/bigswitch/pom.xml
+++ b/plugins/network-elements/bigswitch/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/brocade-vcs/pom.xml b/plugins/network-elements/brocade-vcs/pom.xml
index 96193a10575b..54a66d007593 100644
--- a/plugins/network-elements/brocade-vcs/pom.xml
+++ b/plugins/network-elements/brocade-vcs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
index 87b8bb5a5814..3d7c4ab5e1d4 100644
--- a/plugins/network-elements/cisco-vnmc/pom.xml
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/dns-notifier/pom.xml b/plugins/network-elements/dns-notifier/pom.xml
index 0e0f8fe374cf..a451da887b8c 100644
--- a/plugins/network-elements/dns-notifier/pom.xml
+++ b/plugins/network-elements/dns-notifier/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <artifactId>cloud-plugin-example-dns-notifier</artifactId>
diff --git a/plugins/network-elements/elastic-loadbalancer/pom.xml b/plugins/network-elements/elastic-loadbalancer/pom.xml
index dec208cb8d82..cae1d558403e 100644
--- a/plugins/network-elements/elastic-loadbalancer/pom.xml
+++ b/plugins/network-elements/elastic-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/globodns/pom.xml b/plugins/network-elements/globodns/pom.xml
index 2d4e2e766a46..5ff56fcbcc74 100644
--- a/plugins/network-elements/globodns/pom.xml
+++ b/plugins/network-elements/globodns/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/internal-loadbalancer/pom.xml b/plugins/network-elements/internal-loadbalancer/pom.xml
index 6dafbb44b059..8a6a1c47b026 100644
--- a/plugins/network-elements/internal-loadbalancer/pom.xml
+++ b/plugins/network-elements/internal-loadbalancer/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/juniper-contrail/pom.xml b/plugins/network-elements/juniper-contrail/pom.xml
index 7b623f1df82d..76e0a88ba60e 100644
--- a/plugins/network-elements/juniper-contrail/pom.xml
+++ b/plugins/network-elements/juniper-contrail/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/netscaler/pom.xml b/plugins/network-elements/netscaler/pom.xml
index 8e87e3336eac..9a5d1179a40c 100644
--- a/plugins/network-elements/netscaler/pom.xml
+++ b/plugins/network-elements/netscaler/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/nicira-nvp/pom.xml b/plugins/network-elements/nicira-nvp/pom.xml
index 2c6e4e7544f3..174775360621 100644
--- a/plugins/network-elements/nicira-nvp/pom.xml
+++ b/plugins/network-elements/nicira-nvp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/network-elements/opendaylight/pom.xml b/plugins/network-elements/opendaylight/pom.xml
index 16567f3fb184..a1e48697a04a 100644
--- a/plugins/network-elements/opendaylight/pom.xml
+++ b/plugins/network-elements/opendaylight/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <profiles>
diff --git a/plugins/network-elements/ovs/pom.xml b/plugins/network-elements/ovs/pom.xml
index 1ba739869e48..0e0238a1f3b4 100644
--- a/plugins/network-elements/ovs/pom.xml
+++ b/plugins/network-elements/ovs/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/palo-alto/pom.xml b/plugins/network-elements/palo-alto/pom.xml
index 43cf93ad0431..e78f6fcfd6aa 100644
--- a/plugins/network-elements/palo-alto/pom.xml
+++ b/plugins/network-elements/palo-alto/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/stratosphere-ssp/pom.xml b/plugins/network-elements/stratosphere-ssp/pom.xml
index 852591c771c9..dd8ef92b24f1 100644
--- a/plugins/network-elements/stratosphere-ssp/pom.xml
+++ b/plugins/network-elements/stratosphere-ssp/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/network-elements/tungsten/pom.xml b/plugins/network-elements/tungsten/pom.xml
index 907063ca987e..cdfd5381475a 100644
--- a/plugins/network-elements/tungsten/pom.xml
+++ b/plugins/network-elements/tungsten/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/network-elements/vxlan/pom.xml b/plugins/network-elements/vxlan/pom.xml
index b106aad623e3..c255e9f6a71e 100644
--- a/plugins/network-elements/vxlan/pom.xml
+++ b/plugins/network-elements/vxlan/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
index 26a191a279ed..0d662d346092 100644
--- a/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
+++ b/plugins/outofbandmanagement-drivers/ipmitool/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
index d90643d331d8..3a2451ebd9d3 100644
--- a/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
+++ b/plugins/outofbandmanagement-drivers/nested-cloudstack/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/outofbandmanagement-drivers/redfish/pom.xml b/plugins/outofbandmanagement-drivers/redfish/pom.xml
index d4d1145d24e8..5c6d594d51bc 100644
--- a/plugins/outofbandmanagement-drivers/redfish/pom.xml
+++ b/plugins/outofbandmanagement-drivers/redfish/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 48f79588eb5c..3cfaf7569bf3 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <build>
         <plugins>
diff --git a/plugins/shutdown/pom.xml b/plugins/shutdown/pom.xml
index b7ca2e40baca..833fb7b3a60a 100644
--- a/plugins/shutdown/pom.xml
+++ b/plugins/shutdown/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage-allocators/random/pom.xml b/plugins/storage-allocators/random/pom.xml
index 2b62c6e5d3f3..a151cf22e54a 100644
--- a/plugins/storage-allocators/random/pom.xml
+++ b/plugins/storage-allocators/random/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/default/pom.xml b/plugins/storage/image/default/pom.xml
index 1925c870dfe2..d9ff818c1ca4 100644
--- a/plugins/storage/image/default/pom.xml
+++ b/plugins/storage/image/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/s3/pom.xml b/plugins/storage/image/s3/pom.xml
index 50c42978b1bd..f705f19bdedc 100644
--- a/plugins/storage/image/s3/pom.xml
+++ b/plugins/storage/image/s3/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/sample/pom.xml b/plugins/storage/image/sample/pom.xml
index ef728bf7c43e..63eb932a2092 100644
--- a/plugins/storage/image/sample/pom.xml
+++ b/plugins/storage/image/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/image/swift/pom.xml b/plugins/storage/image/swift/pom.xml
index f8124f5ed9d0..df8a77b2886d 100644
--- a/plugins/storage/image/swift/pom.xml
+++ b/plugins/storage/image/swift/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/object/minio/pom.xml b/plugins/storage/object/minio/pom.xml
index a0c803d2e709..5f3844069950 100644
--- a/plugins/storage/object/minio/pom.xml
+++ b/plugins/storage/object/minio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/object/simulator/pom.xml b/plugins/storage/object/simulator/pom.xml
index a8d83ee547e7..f8fa5040db60 100644
--- a/plugins/storage/object/simulator/pom.xml
+++ b/plugins/storage/object/simulator/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/adaptive/pom.xml b/plugins/storage/volume/adaptive/pom.xml
index e170a730c00c..6dd4d340e7ba 100644
--- a/plugins/storage/volume/adaptive/pom.xml
+++ b/plugins/storage/volume/adaptive/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/cloudbyte/pom.xml b/plugins/storage/volume/cloudbyte/pom.xml
index 1a2a667e0cf9..3d24826fdbd0 100644
--- a/plugins/storage/volume/cloudbyte/pom.xml
+++ b/plugins/storage/volume/cloudbyte/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/datera/pom.xml b/plugins/storage/volume/datera/pom.xml
index f8563f9a8eee..107017e052c0 100644
--- a/plugins/storage/volume/datera/pom.xml
+++ b/plugins/storage/volume/datera/pom.xml
@@ -16,7 +16,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack-plugins</artifactId>
-    <version>4.19.1.1</version>
+    <version>4.19.1.2</version>
     <relativePath>../../../pom.xml</relativePath>
   </parent>
   <dependencies>
diff --git a/plugins/storage/volume/default/pom.xml b/plugins/storage/volume/default/pom.xml
index c5a7e5561b1c..b749ccb0f089 100644
--- a/plugins/storage/volume/default/pom.xml
+++ b/plugins/storage/volume/default/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/flasharray/pom.xml b/plugins/storage/volume/flasharray/pom.xml
index 56f034a954e6..f0abeb9a6239 100644
--- a/plugins/storage/volume/flasharray/pom.xml
+++ b/plugins/storage/volume/flasharray/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/linstor/pom.xml b/plugins/storage/volume/linstor/pom.xml
index 7d1c157dc5e1..5dcfa1e311c7 100644
--- a/plugins/storage/volume/linstor/pom.xml
+++ b/plugins/storage/volume/linstor/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/nexenta/pom.xml b/plugins/storage/volume/nexenta/pom.xml
index 5b44b7087e33..93bab1b08eec 100644
--- a/plugins/storage/volume/nexenta/pom.xml
+++ b/plugins/storage/volume/nexenta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/primera/pom.xml b/plugins/storage/volume/primera/pom.xml
index cb137fd74806..c088270e7888 100644
--- a/plugins/storage/volume/primera/pom.xml
+++ b/plugins/storage/volume/primera/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/sample/pom.xml b/plugins/storage/volume/sample/pom.xml
index 7208076858b0..4a2bfe651eb7 100644
--- a/plugins/storage/volume/sample/pom.xml
+++ b/plugins/storage/volume/sample/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/scaleio/pom.xml b/plugins/storage/volume/scaleio/pom.xml
index 96264a2e91fb..581d8737c02d 100644
--- a/plugins/storage/volume/scaleio/pom.xml
+++ b/plugins/storage/volume/scaleio/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/solidfire/pom.xml b/plugins/storage/volume/solidfire/pom.xml
index 80f0d3aed3ad..186991de98bf 100644
--- a/plugins/storage/volume/solidfire/pom.xml
+++ b/plugins/storage/volume/solidfire/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/storage/volume/storpool/pom.xml b/plugins/storage/volume/storpool/pom.xml
index ef2cc3eba70b..8d7dcde2c198 100644
--- a/plugins/storage/volume/storpool/pom.xml
+++ b/plugins/storage/volume/storpool/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/ldap/pom.xml b/plugins/user-authenticators/ldap/pom.xml
index fcffb84c9e71..672856a04fa8 100644
--- a/plugins/user-authenticators/ldap/pom.xml
+++ b/plugins/user-authenticators/ldap/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/plugins/user-authenticators/md5/pom.xml b/plugins/user-authenticators/md5/pom.xml
index 69d39f1050af..52ce473916bb 100644
--- a/plugins/user-authenticators/md5/pom.xml
+++ b/plugins/user-authenticators/md5/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/oauth2/pom.xml b/plugins/user-authenticators/oauth2/pom.xml
index 18f594166ed0..f28425ede941 100644
--- a/plugins/user-authenticators/oauth2/pom.xml
+++ b/plugins/user-authenticators/oauth2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/pbkdf2/pom.xml b/plugins/user-authenticators/pbkdf2/pom.xml
index 663f7eead609..e90b9d9de286 100644
--- a/plugins/user-authenticators/pbkdf2/pom.xml
+++ b/plugins/user-authenticators/pbkdf2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/plain-text/pom.xml b/plugins/user-authenticators/plain-text/pom.xml
index 81a07c47de12..b22c806ba043 100644
--- a/plugins/user-authenticators/plain-text/pom.xml
+++ b/plugins/user-authenticators/plain-text/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index 8742800328a3..c019af8d6297 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/plugins/user-authenticators/sha256salted/pom.xml b/plugins/user-authenticators/sha256salted/pom.xml
index 21d11ebb9884..24aac411b101 100644
--- a/plugins/user-authenticators/sha256salted/pom.xml
+++ b/plugins/user-authenticators/sha256salted/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/static-pin/pom.xml b/plugins/user-two-factor-authenticators/static-pin/pom.xml
index f494d3898e3c..ddbcdc422b03 100644
--- a/plugins/user-two-factor-authenticators/static-pin/pom.xml
+++ b/plugins/user-two-factor-authenticators/static-pin/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/plugins/user-two-factor-authenticators/totp/pom.xml b/plugins/user-two-factor-authenticators/totp/pom.xml
index b9093d6afab2..bc38e002e2b0 100644
--- a/plugins/user-two-factor-authenticators/totp/pom.xml
+++ b/plugins/user-two-factor-authenticators/totp/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-plugins</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/pom.xml b/pom.xml
index e3228e574a94..0d7151527cbb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.19.1.1</version>
+    <version>4.19.1.2</version>
     <packaging>pom</packaging>
     <name>Apache CloudStack</name>
     <description>Apache CloudStack is an IaaS ("Infrastructure as a Service") cloud orchestration platform.</description>
diff --git a/quickcloud/pom.xml b/quickcloud/pom.xml
index 7f81244db091..325fb7ff85ac 100644
--- a/quickcloud/pom.xml
+++ b/quickcloud/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 </project>
diff --git a/server/pom.xml b/server/pom.xml
index 09d8ee309c9e..a1187b426aa1 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <repositories>
         <repository>
diff --git a/services/console-proxy/pom.xml b/services/console-proxy/pom.xml
index 02ee2921d2a9..2fa22292d6f7 100644
--- a/services/console-proxy/pom.xml
+++ b/services/console-proxy/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/console-proxy/rdpconsole/pom.xml b/services/console-proxy/rdpconsole/pom.xml
index 0d74b451474a..3858a78d4602 100644
--- a/services/console-proxy/rdpconsole/pom.xml
+++ b/services/console-proxy/rdpconsole/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/console-proxy/server/pom.xml b/services/console-proxy/server/pom.xml
index 48024431a8d1..99b9fea1bf75 100644
--- a/services/console-proxy/server/pom.xml
+++ b/services/console-proxy/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-console-proxy</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/pom.xml b/services/pom.xml
index 24169e8778df..ffa61f12cb26 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/controller/pom.xml b/services/secondary-storage/controller/pom.xml
index c0dfb9e79cab..393e36047845 100644
--- a/services/secondary-storage/controller/pom.xml
+++ b/services/secondary-storage/controller/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/services/secondary-storage/pom.xml b/services/secondary-storage/pom.xml
index a5a35c63c88d..22db68a79832 100644
--- a/services/secondary-storage/pom.xml
+++ b/services/secondary-storage/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-services</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/services/secondary-storage/server/pom.xml b/services/secondary-storage/server/pom.xml
index fa6d40782a35..30fd233cd5fc 100644
--- a/services/secondary-storage/server/pom.xml
+++ b/services/secondary-storage/server/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack-service-secondary-storage</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/systemvm/pom.xml b/systemvm/pom.xml
index 4d742ad7a009..f0b330643c18 100644
--- a/systemvm/pom.xml
+++ b/systemvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/test/pom.xml b/test/pom.xml
index 7a68fcdcef1f..eff245bc38af 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/tools/apidoc/pom.xml b/tools/apidoc/pom.xml
index 20196a426146..afefac3a74b3 100644
--- a/tools/apidoc/pom.xml
+++ b/tools/apidoc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <properties>
diff --git a/tools/checkstyle/pom.xml b/tools/checkstyle/pom.xml
index fa4122d0391b..d4a7743e9c63 100644
--- a/tools/checkstyle/pom.xml
+++ b/tools/checkstyle/pom.xml
@@ -22,7 +22,7 @@
     <name>Apache CloudStack Developer Tools - Checkstyle Configuration</name>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>checkstyle</artifactId>
-    <version>4.19.1.1</version>
+    <version>4.19.1.2</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/tools/devcloud-kvm/pom.xml b/tools/devcloud-kvm/pom.xml
index 1fbb630eff85..2bb84f2ba383 100644
--- a/tools/devcloud-kvm/pom.xml
+++ b/tools/devcloud-kvm/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/devcloud4/pom.xml b/tools/devcloud4/pom.xml
index d6ccfa14245d..b7f3a39be22a 100644
--- a/tools/devcloud4/pom.xml
+++ b/tools/devcloud4/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/marvin/pom.xml b/tools/marvin/pom.xml
index 94adc211b51f..94ded408c9b9 100644
--- a/tools/marvin/pom.xml
+++ b/tools/marvin/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloud-tools</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/tools/pom.xml b/tools/pom.xml
index 67ab345b527c..2923919b4dd0 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <build>
diff --git a/usage/pom.xml b/usage/pom.xml
index cca3c59d49fb..36dee654a93b 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>
diff --git a/utils/pom.xml b/utils/pom.xml
index 8d3b6863c224..c585d586056b 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <dependencies>
diff --git a/vmware-base/pom.xml b/vmware-base/pom.xml
index 958a461ee40e..27bf264c364b 100644
--- a/vmware-base/pom.xml
+++ b/vmware-base/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.cloudstack</groupId>
         <artifactId>cloudstack</artifactId>
-        <version>4.19.1.1</version>
+        <version>4.19.1.2</version>
     </parent>
     <dependencies>
         <dependency>

From d6181d542108d02cca31daa758234bb29e1b317a Mon Sep 17 00:00:00 2001
From: Lucas Martins <56271185+lucas-a-martins@users.noreply.github.com>
Date: Fri, 4 Oct 2024 16:41:30 -0300
Subject: [PATCH 21/24] Fix `updateTemplatePermission` when the UI is set to a
 language other than English (#9766)

* Fix updateTemplatePermission UI in non-english language

* Improve fix

---------

Co-authored-by: Lucas Martins <lucas.martins@scclouds.com.br>
---
 ui/public/locales/pt_BR.json                   |  4 ++--
 .../image/UpdateTemplateIsoPermissions.vue     | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/ui/public/locales/pt_BR.json b/ui/public/locales/pt_BR.json
index f02aee747eb8..6955d83a510e 100644
--- a/ui/public/locales/pt_BR.json
+++ b/ui/public/locales/pt_BR.json
@@ -1482,8 +1482,8 @@
 "label.setting": "Configura\u00e7\u00e3o",
 "label.settings": "Configura\u00e7\u00f5es",
 "label.setup": "Configura\u00e7\u00e3o",
-"label.shared": "Compatilhado",
-"label.sharedexecutable": "Compatilhado",
+"label.shared": "Compartilhado",
+"label.sharedexecutable": "Compartilhado",
 "label.sharedmountpoint": "SharedMountPoint",
 "label.sharedrouterip": "Endere\u00e7os IPv4 para o roteador dentro da rede compartilhada",
 "label.sharedrouteripv6": "Endere\u00e7os IPv6 para o roteador dentro da rede compartilhada",
diff --git a/ui/src/views/image/UpdateTemplateIsoPermissions.vue b/ui/src/views/image/UpdateTemplateIsoPermissions.vue
index c7b0f9e5cf19..557574156b17 100644
--- a/ui/src/views/image/UpdateTemplateIsoPermissions.vue
+++ b/ui/src/views/image/UpdateTemplateIsoPermissions.vue
@@ -25,7 +25,7 @@
       <p class="form__label">{{ $t('label.operation') }}</p>
       <a-select
         v-model:value="selectedOperation"
-        :defaultValue="$t('label.add')"
+        :defaultValue="'add'"
         @change="fetchData"
         v-focus="true"
         showSearch
@@ -33,13 +33,13 @@
         :filterOption="(input, option) => {
           return option.value.toLowerCase().indexOf(input.toLowerCase()) >= 0
         }" >
-        <a-select-option :value="$t('label.add')">{{ $t('label.add') }}</a-select-option>
-        <a-select-option :value="$t('label.remove')">{{ $t('label.remove') }}</a-select-option>
-        <a-select-option :value="$t('label.reset')">{{ $t('label.reset') }}</a-select-option>
+        <a-select-option :value="'add'">{{ $t('label.add') }}</a-select-option>
+        <a-select-option :value="'remove'">{{ $t('label.remove') }}</a-select-option>
+        <a-select-option :value="'reset'">{{ $t('label.reset') }}</a-select-option>
       </a-select>
     </div>
 
-    <template v-if="selectedOperation !== $t('label.reset')">
+    <template v-if="selectedOperation !== 'reset'">
       <div class="form__item">
         <p class="form__label">
           <span class="required">*</span>
@@ -150,7 +150,7 @@ export default {
       selectedAccounts: [],
       selectedProjects: [],
       selectedAccountsList: '',
-      selectedOperation: this.$t('label.add'),
+      selectedOperation: 'add',
       selectedShareWith: this.$t('label.account'),
       accountError: false,
       projectError: false,
@@ -163,7 +163,7 @@ export default {
     accountsList () {
       return this.accounts.length > 0 ? this.accounts
         .filter(a =>
-          this.selectedOperation === this.$t('label.add')
+          this.selectedOperation === 'add'
             ? !this.permittedAccounts.includes(a.name)
             : this.permittedAccounts.includes(a.name)
         ) : this.accounts
@@ -171,7 +171,7 @@ export default {
     projectsList () {
       return this.projects > 0 ? this.projects
         .filter(p =>
-          this.selectedOperation === this.$t('label.add')
+          this.selectedOperation === 'add'
             ? !this.permittedProjects.includes(p.id)
             : this.permittedProjects.includes(p.id)
         ) : this.projects
@@ -252,7 +252,7 @@ export default {
       })
     },
     handleChange (selectedItems) {
-      if (this.selectedOperation === this.$t('label.add') || this.selectedOperation === this.$t('label.remove')) {
+      if (this.selectedOperation === 'add' || this.selectedOperation === 'remove') {
         if (this.selectedShareWith === this.$t('label.account')) {
           this.selectedAccounts = selectedItems
         } else {

From 9c86c4da96865890def75a002449c8bd15a1e32c Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Tue, 8 Oct 2024 12:04:54 -0400
Subject: [PATCH 22/24] Filter list VMs by IP address (#9547)

---
 .../com/cloud/utils/db/GenericDaoBase.java    | 42 +++++++++++++------
 .../com/cloud/api/query/QueryManagerImpl.java | 24 +++++++++++
 2 files changed, 53 insertions(+), 13 deletions(-)

diff --git a/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java b/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java
index 3b950e1983dd..9b26ebf7f959 100644
--- a/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java
+++ b/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java
@@ -421,7 +421,6 @@ public List<T> searchIncludingRemoved(SearchCriteria<T> sc, final Filter filter,
                     pstmt.setObject(i++, value);
                 }
             }
-
             if (s_logger.isDebugEnabled() && lock != null) {
                 txn.registerLock(pstmt.toString());
             }
@@ -1342,22 +1341,39 @@ protected List<Attribute> addJoins(StringBuilder str, Collection<JoinBuilder<Sea
                     onClause.append("?");
                     joinAttrList.add(join.getFirstAttributes()[i]);
                 } else {
-                    onClause.append(joinedTableNames.getOrDefault(join.getFirstAttributes()[i].table, join.getFirstAttributes()[i].table))
-                    .append(".")
-                    .append(join.getFirstAttributes()[i].columnName);
+                    if ((join.getFirstAttributes()[i].table == null && join.getFirstAttributes()[i].value == null) ||
+                            (join.getSecondAttribute()[i].table == null && join.getSecondAttribute()[i].value == null)) {
+                        onClause.append(joinedTableNames.getOrDefault(join.getSecondAttribute()[i].table, join.getFirstAttributes()[i].table))
+                                .append(".");
+                        if (join.getFirstAttributes()[i].table == null && join.getFirstAttributes()[i].value == null) {
+                            onClause.append(join.getSecondAttribute()[i].columnName);
+                        } else {
+                            onClause.append(join.getFirstAttributes()[i].columnName);
+                        }
+
+                    } else {
+                        onClause.append(joinedTableNames.getOrDefault(join.getFirstAttributes()[i].table, join.getFirstAttributes()[i].table))
+                                .append(".")
+                                .append(join.getFirstAttributes()[i].columnName);
+                    }
                 }
-                onClause.append("=");
-                if (join.getSecondAttribute()[i].getValue() != null) {
-                    onClause.append("?");
-                    joinAttrList.add(join.getSecondAttribute()[i]);
+                if ((join.getFirstAttributes()[i].table == null && join.getFirstAttributes()[i].value == null) ||
+                        (join.getSecondAttribute()[i].table == null && join.getSecondAttribute()[i].value == null)) {
+                    onClause.append(" IS NULL");
                 } else {
-                    if(!joinTableAlias.equals(joinTableName)) {
-                        onClause.append(joinTableAlias);
+                    onClause.append("=");
+                    if (join.getSecondAttribute()[i].getValue() != null) {
+                        onClause.append("?");
+                        joinAttrList.add(join.getSecondAttribute()[i]);
                     } else {
-                        onClause.append(joinTableName);
+                        if (!joinTableAlias.equals(joinTableName)) {
+                            onClause.append(joinTableAlias);
+                        } else {
+                            onClause.append(joinTableName);
+                        }
+                        onClause.append(".")
+                                .append(join.getSecondAttribute()[i].columnName);
                     }
-                    onClause.append(".")
-                    .append(join.getSecondAttribute()[i].columnName);
                 }
             }
             onClause.append(" ");
diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
index dce1978f4b9d..a702e92e0bdc 100644
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@@ -34,6 +34,8 @@
 
 import javax.inject.Inject;
 
+import com.cloud.network.dao.IPAddressDao;
+import com.cloud.network.dao.IPAddressVO;
 import com.cloud.storage.StoragePool;
 import com.cloud.storage.StoragePoolHostVO;
 import com.cloud.event.EventVO;
@@ -549,6 +551,9 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
     @Inject
     private NetworkDao networkDao;
 
+    @Inject
+    private IPAddressDao ipAddressDao;
+
     @Inject
     private NicDao nicDao;
 
@@ -1453,6 +1458,22 @@ private Pair<List<Long>, Integer> searchForUserVMIdsAndCount(ListVMsCmd cmd) {
             if (isRootAdmin) {
                 userVmSearchBuilder.or("keywordInstanceName", userVmSearchBuilder.entity().getInstanceName(), Op.LIKE );
             }
+
+            SearchBuilder<IPAddressVO> ipAddressSearch = ipAddressDao.createSearchBuilder();
+            userVmSearchBuilder.join("ipAddressSearch", ipAddressSearch,
+                    ipAddressSearch.entity().getAssociatedWithVmId(), userVmSearchBuilder.entity().getId(), JoinBuilder.JoinType.LEFT);
+
+            SearchBuilder<NicVO> nicSearch = nicDao.createSearchBuilder();
+            userVmSearchBuilder.join("nicSearch", nicSearch, JoinBuilder.JoinType.LEFT,
+                    JoinBuilder.JoinCondition.AND,
+                    nicSearch.entity().getInstanceId(), userVmSearchBuilder.entity().getId(),
+                    nicSearch.entity().getRemoved(), userVmSearchBuilder.entity().setLong(null));
+
+            userVmSearchBuilder.or("ipAddressSearch", "keywordPublicIpAddress", ipAddressSearch.entity().getAddress(), Op.LIKE);
+
+            userVmSearchBuilder.or("nicSearch", "keywordIpAddress", nicSearch.entity().getIPv4Address(), Op.LIKE);
+            userVmSearchBuilder.or("nicSearch", "keywordIp6Address", nicSearch.entity().getIPv6Address(), Op.LIKE);
+
             userVmSearchBuilder.cp();
         }
 
@@ -1546,6 +1567,9 @@ private Pair<List<Long>, Integer> searchForUserVMIdsAndCount(ListVMsCmd cmd) {
             userVmSearchCriteria.setParameters("keywordDisplayName", keywordMatch);
             userVmSearchCriteria.setParameters("keywordName", keywordMatch);
             userVmSearchCriteria.setParameters("keywordState", keyword);
+            userVmSearchCriteria.setParameters("keywordIpAddress", keywordMatch);
+            userVmSearchCriteria.setParameters("keywordPublicIpAddress", keywordMatch);
+            userVmSearchCriteria.setParameters("keywordIp6Address", keywordMatch);
             if (isRootAdmin) {
                 userVmSearchCriteria.setParameters("keywordInstanceName", keywordMatch);
             }

From 8925ac72018b7570937e12819b97bfae0230b887 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Thu, 10 Oct 2024 07:40:43 -0400
Subject: [PATCH 23/24] Fix Listing backup schedules (#9749)

---
 .../api/command/user/backup/ListBackupScheduleCmd.java          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/backup/ListBackupScheduleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/backup/ListBackupScheduleCmd.java
index a76107174358..fa6e3ea5d455 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/backup/ListBackupScheduleCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/backup/ListBackupScheduleCmd.java
@@ -82,7 +82,7 @@ public void execute() throws ResourceUnavailableException, InsufficientCapacityE
             List<BackupSchedule> schedules = backupManager.listBackupSchedule(getVmId());
             ListResponse<BackupScheduleResponse> response = new ListResponse<>();
             List<BackupScheduleResponse> scheduleResponses = new ArrayList<>();
-            if (CollectionUtils.isNullOrEmpty(schedules)) {
+            if (!CollectionUtils.isNullOrEmpty(schedules)) {
                 for (BackupSchedule schedule : schedules) {
                     scheduleResponses.add(_responseGenerator.createBackupScheduleResponse(schedule));
                 }

From cb24461c39e9a76d1a68cc0c8596f85bc49806c4 Mon Sep 17 00:00:00 2001
From: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
Date: Sat, 29 Jun 2024 11:03:30 +0530
Subject: [PATCH 24/24] DO NOT MERGE

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f66a4dc6f975..8b7373902f89 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![Apache CloudStack](tools/logo/apache_cloudstack.png)](https://cloudstack.apache.org/)
 
-Apache CloudStack is open source software designed to deploy and manage large
+Apache CloudStack™ is an open-source software system designed to deploy and manage large
 networks of virtual machines, as a highly available, highly scalable
 Infrastructure as a Service (IaaS) cloud computing platform. CloudStack is used
 by a number of service providers to offer public cloud services, and by many