ReleaseNotes/2012.2.4

= Release Notes, 2012.2.4 =

The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. No further official Folsom releases of these projects are planned.

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.

Upgrade Notes

 * In order to prevent a denial of service by depleting the FixedIP pool (CVE-2013-1838, see below) we introduced a new quota for Fixed IPs. To avoid upgrade issues, that quota is initially set to unlimited. Operators that use the multinic option have to opt into fixed IP quotas by changing quota_fixed_ips parameter in nova.conf.

Nova

 * OSSA 2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
 * OSSA 2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
 * OSSA 2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs

Cinder

 * OSSA 2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities

Glance

 * OSSA 2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API

Keystone

 * OSSA 2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
 * OSSA 2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
 * OSSA 2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
 * OSSA 2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check

Bugs Fixed
In total, 90 launchpad bugs are fixed by this update.


 * List of Nova bugs fixed in the 2012.2.4 release
 * List of Glance bugs fixed in the 2012.2.4 release
 * List of Cinder bugs fixed in the 2012.2.4 release
 * List of Quantum bugs fixed in the 2012.2.4 release
 * List of Keystone bugs fixed in the 2012.2.4 release
 * List of Horizon bugs fixed in the 2012.2.4 release

Known Issues and Limitations
None.