Difference between revisions of "ReleaseNotes/2011.3.1"
m (→Glance) |
|||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | + | ||
= Release Notes, 2011.3.1 = | = Release Notes, 2011.3.1 = | ||
Line 6: | Line 6: | ||
The bugfixes contained in this release were backported from the development branches into a [[StableBranch|stable branch]]. The release is intended to be a relatively risk free update with no intentional regressions or API changes. | The bugfixes contained in this release were backported from the development branches into a [[StableBranch|stable branch]]. The release is intended to be a relatively risk free update with no intentional regressions or API changes. | ||
− | + | __TOC__ | |
== Bugs Fixed == | == Bugs Fixed == | ||
Line 20: | Line 20: | ||
* [https://bugs.launchpad.net/nova/+bug/863305 Image access control is available] | * [https://bugs.launchpad.net/nova/+bug/863305 Image access control is available] | ||
− | * [https://bugs.launchpad.net/nova/+bug/868360 Incorrect secret key causes user details to be revealed] | + | * [https://bugs.launchpad.net/nova/+bug/868360 Incorrect secret key causes user details to be revealed] ([https://bugs.launchpad.net/bugs/cve/2011-4076 CVE-2011-4076]) |
* [https://bugs.launchpad.net/nova/+bug/869979 Security groups are not sanity checked for incorrect data] | * [https://bugs.launchpad.net/nova/+bug/869979 Security groups are not sanity checked for incorrect data] | ||
− | * [https://bugs.launchpad.net/nova/+bug/885167 Path Traversal possible when downloading an image] | + | * [https://bugs.launchpad.net/nova/+bug/885167 Path Traversal possible when downloading an image] ([https://bugs.launchpad.net/bugs/cve/2011-4596 CVE-2011-4596]) |
− | * [https://bugs.launchpad.net/nova/+bug/894755 Potential directory traversal in _untarzip_image] | + | * [https://bugs.launchpad.net/nova/+bug/894755 Potential directory traversal in _untarzip_image] ([https://bugs.launchpad.net/bugs/cve/2011-4596 CVE-2011-4596]) |
− | * [https://bugs.launchpad.net/nova/+bug/904072 project_id could be overwritten to any value by URI value] | + | * [https://bugs.launchpad.net/nova/+bug/904072 project_id could be overwritten to any value by URI value] ([https://bugs.launchpad.net/bugs/cve/2012-0030 CVE-2012-0030]) |
=== Glance === | === Glance === | ||
Line 40: | Line 40: | ||
=== Glance === | === Glance === | ||
− | + | ||
+ | [[Category:Releases]] | ||
+ | [[Category:Diablo]] |
Latest revision as of 00:17, 23 September 2014
Release Notes, 2011.3.1
The 2011.3.1 release is a Diablo bugfix update for Nova and Glance.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
Contents
Bugs Fixed
In total, 90 launchpad bugs are fixed by this update.
- Nova: List of Nova bugs fixed in the 2011.3.1 release
- Glance: List of Glance bugs fixed in the 2011.3.1 release
Resolved Security Issues
Nova
- Image access control is available
- Incorrect secret key causes user details to be revealed (CVE-2011-4076)
- Security groups are not sanity checked for incorrect data
- Path Traversal possible when downloading an image (CVE-2011-4596)
- Potential directory traversal in _untarzip_image (CVE-2011-4596)
- project_id could be overwritten to any value by URI value (CVE-2012-0030)
Glance
- Location information still showing in calls to HEAD|GET /images/<ID>
- Glance reports location (with credentials) in create return json
- Swift upload via Glance logs the password it's using