Difference between revisions of "ReleaseNotes/2011.3.1"
| Line 14: | Line 14: | ||
* Nova: [https://launchpad.net/nova/+milestone/2011.3.1 List of Nova bugs fixed in the 2011.3.1 release] | * Nova: [https://launchpad.net/nova/+milestone/2011.3.1 List of Nova bugs fixed in the 2011.3.1 release] | ||
* Glance: [https://launchpad.net/glance/+milestone/2011.3.1 List of Glance bugs fixed in the 2011.3.1 release] | * Glance: [https://launchpad.net/glance/+milestone/2011.3.1 List of Glance bugs fixed in the 2011.3.1 release] | ||
| + | |||
| + | == Resolved Security Issues == | ||
| + | |||
| + | === Nova === | ||
| + | |||
| + | * [https://bugs.launchpad.net/nova/+bug/863305 Image access control is available] | ||
| + | * [https://bugs.launchpad.net/nova/+bug/868360 Incorrect secret key causes user details to be revealed] | ||
| + | * [https://bugs.launchpad.net/nova/+bug/869979 Security groups are not sanity checked for incorrect data] | ||
| + | * [https://bugs.launchpad.net/nova/+bug/885167 Path Traversal possible when downloading an image] | ||
| + | * [https://bugs.launchpad.net/nova/+bug/894755 Potential directory traversal in _untarzip_image] | ||
| + | * [https://bugs.launchpad.net/nova/+bug/904072 project_id could be overwritten to any value by URI value] | ||
| + | |||
| + | === Glance === | ||
| + | |||
| + | * [https://bugs.launchpad.net/glance/+bug/860862 Location information still showing in calls to HEAD|GET /images/<ID>] | ||
| + | * [https://bugs.launchpad.net/glance/+bug/880910 Glance reports location (with credentials) in create return json] | ||
| + | * [https://bugs.launchpad.net/glance/+bug/909538 Swift upload via Glance logs the password it's using ] | ||
== Known Issues and Limitations == | == Known Issues and Limitations == | ||
Revision as of 15:06, 19 January 2012
Release Notes, 2011.3.1
The 2011.3.1 release is a Diablo bugfix update for Nova and Glance.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
<<TableOfContents()>>
Bugs Fixed
In total, 90 launchpad bugs are fixed by this update.
- Nova: List of Nova bugs fixed in the 2011.3.1 release
- Glance: List of Glance bugs fixed in the 2011.3.1 release
Resolved Security Issues
Nova
- Image access control is available
- Incorrect secret key causes user details to be revealed
- Security groups are not sanity checked for incorrect data
- Path Traversal possible when downloading an image
- Potential directory traversal in _untarzip_image
- project_id could be overwritten to any value by URI value
Glance
- Location information still showing in calls to HEAD|GET /images/<ID>
- Glance reports location (with credentials) in create return json
- Swift upload via Glance logs the password it's using
