Revision as of 23:57, 28 November 2012

Release Notes, 2012.2.1

The 2012.2.1 release is an Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon.

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.

<<TableOfContents()>>

Upgrade Notes

The 2.1 version of python-quantumclient is required if Nova is configured to use Quantum networking. See this review.

Resolved Security Issues

= Keystone

OSSA-2012-019/CVE-2012-5563 - Extension of token validity through token chaining
OSSA-2012-019/CVE-2012-5571 - EC2-style credentials invalidation issue

Glance

OSSA-2012-017.1/CVE-2012-4573/CVE-2012-5482 - Authentication bypass for image deletion

Bugs Fixed

In total, NN launchpad bugs are fixed by this update.

Known Issues and Limitations

Nova

WARNING: If you are backing your instances with shared storage, make sure to disable image cache BEFORE upgrading to Folsom:

   image_cache_manager_interval = 0
   Related Bug

@@ Line 13: / Line 13: @@
 == Resolved Security Issues ==
+=== Keystone ==
+* [http://lists.openstack.org/pipermail/openstack-announce/2012-November/000056.html OSSA-2012-019]/[https://bugs.launchpad.net/keystone/+bug/1079216 CVE-2012-5563] - Extension of token validity through token chaining
+* [http://lists.openstack.org/pipermail/openstack-announce/2012-November/000055.html OSSA-2012-019]/[https://bugs.launchpad.net/keystone/+bug/1064914 CVE-2012-5571] - EC2-style credentials invalidation issue
 === Glance ===

Difference between revisions of "ReleaseNotes/2012.2.1"