Apache CloudStack is being updated to version 4.0.2 today fixing at least 40 bugs.
From my perspective two of the flaws are particularly interesting and those are the security flaws.
CVE-2013-2756 is a flaw that could potentially enable an attacker to gain unauthorized access to another person’s virtual machines