Difference between revisions of "ReleaseNotes/2012.2.1"
Line 13: | Line 13: | ||
== Resolved Security Issues == | == Resolved Security Issues == | ||
+ | |||
+ | === Keystone == | ||
+ | |||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2012-November/000056.html OSSA-2012-019]/[https://bugs.launchpad.net/keystone/+bug/1079216 CVE-2012-5563] - Extension of token validity through token chaining | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2012-November/000055.html OSSA-2012-019]/[https://bugs.launchpad.net/keystone/+bug/1064914 CVE-2012-5571] - EC2-style credentials invalidation issue | ||
=== Glance === | === Glance === |
Revision as of 23:57, 28 November 2012
Release Notes, 2012.2.1
The 2012.2.1 release is an Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
<<TableOfContents()>>
Upgrade Notes
- The 2.1 version of python-quantumclient is required if Nova is configured to use Quantum networking. See this review.
Resolved Security Issues
= Keystone
- OSSA-2012-019/CVE-2012-5563 - Extension of token validity through token chaining
- OSSA-2012-019/CVE-2012-5571 - EC2-style credentials invalidation issue
Glance
- OSSA-2012-017.1/CVE-2012-4573/CVE-2012-5482 - Authentication bypass for image deletion
Bugs Fixed
In total, NN launchpad bugs are fixed by this update.
- List of Nova bugs fixed in the 2012.2 release
- List of Glance bugs fixed in the 2012.2 release
- List of Cinder bugs fixed in the 2012.2 release
- List of Quantum bugs fixed in the 2012.2 release
- List of Keystone bugs fixed in the 2012.2 release
- List of Horizon bugs fixed in the 2012.2 release
Known Issues and Limitations
Nova
- WARNING: If you are backing your instances with shared storage, make sure to disable image cache BEFORE upgrading to Folsom:
image_cache_manager_interval = 0 Related Bug