ReleaseNotes/2014.1.3

= Release Notes, 2014.1.3 =

The 2014.1.3 release is a Icehouse bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer) and Openstack Database (Trove).

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

OpenStack Block Storage (Cinder)

 * OSSA 2014-33 / CVE-2014-3641 - Cinder-volume host data leak	to vm instance

OpenStack Compute (Nova)

 * OSSA 2014-032 / CVE-2014-3608 - Nova VMware driver still leaks	rescued images

OpenStack Image Registry and Delivery Service (Glance)

 * OSSA 2014-028 / CVE-2014-5356 - Glance store DoS through disk	space exhaustion

OpenStack Dashboard (Horizon)

 * OSSA 2014-027 / CVE-2014-3594 - Persistent XSS in Horizon Host Aggregates interface

OpenStack Identity (Keystone)

 * OSSA 2014-029 / CVE-2014-3621 - Configuration option leak through Keystone catalog

OpenStack Networking (Neutron)

 * OSSA 2014-031 / CVE-2014-6414 - Admin-only network attributes may be reset to defaults by non-privileged users

Bugs Fixed
In total, 131 bugs are fixed by this update.


 * List of OpenStack Compute (Nova) bugs fixed in the 2014.1.3 release
 * List of OpenStack Identity (Keystone) bugs fixed in the 2014.1.3 release
 * List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2014.1.3 release
 * List of OpenStack Networking (Neutron) bugs fixed in the 2014.1.3 release
 * List of OpenStack Block Storage (Cinder) bugs fixed in the 2014.1.3 release
 * List of OpenStack Dashboard (Horizon) bugs fixed in the 2014.1.3 release
 * List of OpenStack Orchestration (Heat) bugs fixed in the 2014.1.3 release
 * List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2014.1.3 release
 * List of OpenStack Database (Trove) bugs fixed in the 2014.1.3 release

Known Issues and Limitations

 * There is a known issue in all Icehouse releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway outside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181


 * Operators of existing Neutron Icehouse ML2 based deployments will need to apply the following SQL statement to their Neutron database. This is to fix a race condition in agent status report updates.  See Bug 1254246:

ALTER TABLE agents ADD CONSTRAINT uniq_agents0agent_type0host UNIQUE (agent_type, host);


 * A new runtime dependency on conntrack-tools in L3 agent sneaked in the release. This is an issue for at least one of target distributions for Icehouse (specifically, RHEL6/RHEL7), so a revert for the patch that introduced the dependency was requested: https://review.openstack.org/#/c/132052/ Packagers of 2014.1.3 release are left with dilemma: either they also revert the patch in their downstream packages, or they introduce a new runtime conntrack-tools dependency for Neutron L3 agent.