ReleaseNotes/2012.1.3

= Release Notes, 2012.1.3 =

The 2012.1.3 release is an Essex bugfix update for Nova, Keystone and Horizon. No further official Essex releases of these projects are planned.

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.

Bugs Fixed
In total, 30 launchpad bugs are fixed by this update.


 * List of Nova bugs fixed in the 2012.1.3 release
 * List of Keystone bugs fixed in the 2012.1.3 release
 * List of Horizon bugs fixed in the 2012.1.3 release

Keystone

 * OSSA 2012-013/CVE-2012-3542 - Lack of authorization for adding users to tenants (Critical)
 * OSSA 2012-014/CVE-2012-4413 - Revoking a role does not affect existing tokens (High)

Horizon

 * OSSA 2012-012/CVE-2012-3540 - Open redirect through 'next' parameter (Medium)

Nova

 * do_refresh_security_group_rules in nova.virt.firewall is very slow

Glance
A further release of Glance may be announced to resolve this issue with migrating from Diablo to Essex:


 * Diablo->Essex migration breaks Nova image_ref