ReleaseNotes/2014.1.4

= Release Notes, 2014.1.4 =

The 2014.1.4 release is a Icehouse bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer) and Openstack Database (Trove).

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

Resolved Security Issues

 * http://security.openstack.org/ossa/OSSA-2015-005.html
 * http://security.openstack.org/ossa/OSSA-2015-003.html
 * http://security.openstack.org/ossa/OSSA-2015-002.html
 * http://security.openstack.org/ossa/OSSA-2014-041.html
 * http://security.openstack.org/ossa/OSSA-2014-040.html
 * http://security.openstack.org/ossa/OSSA-2014-039.html
 * http://security.openstack.org/ossa/OSSA-2014-038.html
 * http://security.openstack.org/ossa/OSSA-2014-037.html
 * http://security.openstack.org/ossa/OSSA-2014-036.html
 * http://security.openstack.org/ossa/OSSA-2014-035.html

Bugs Fixed
In total, 89 bugs are fixed by this update.


 * List of OpenStack Compute (Nova) bugs fixed in the 2014.1.4 release
 * List of OpenStack Identity (Keystone) bugs fixed in the 2014.1.4 release
 * List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2014.1.4 release
 * List of OpenStack Networking (Neutron) bugs fixed in the 2014.1.4 release
 * List of OpenStack Block Storage (Cinder) bugs fixed in the 2014.1.4 release
 * List of OpenStack Dashboard (Horizon) bugs fixed in the 2014.1.4 release
 * List of OpenStack Orchestration (Heat) bugs fixed in the 2014.1.4 release
 * List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2014.1.4 release
 * List of OpenStack Database (Trove) bugs fixed in the 2014.1.4 release

Nova

 * Fix unsafe SSL connection on TrustedFilter adds an option attestation_insecure_ssl in TrustedFilter which can be used to verify CAs. The default value is set to True, disabling SSL certificate verification. While this is the insecure option, it was selected for backward compatibility reasons.
 * There is a known issue with the new websocket origin access control (OSSA 2015-005): ValidationError will prevent VNC and SPICE connection if base_urls are not properly configured. The novncproxy_base_url and html5proxy_base_url now need to match the TLS settings of the connection origin and needs to be set explicitly where the nova proxy service is running.

Cinder

 * Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.

Neutron

 * There is a known issue in all Icehouse releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway outside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181
 * Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.