Difference between revisions of "ReleaseNotes/2012.2.4"
(→Release Notes, 2012.2.4) |
|||
| Line 2: | Line 2: | ||
= Release Notes, 2012.2.4 = | = Release Notes, 2012.2.4 = | ||
| − | The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. | + | The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. No further official Folsom releases of these projects are planned. |
The bugfixes contained in this release were backported from the development branches into a [[StableBranch|stable branch]]. The release is intended to be a relatively risk free update with no intentional regressions or API changes. | The bugfixes contained in this release were backported from the development branches into a [[StableBranch|stable branch]]. The release is intended to be a relatively risk free update with no intentional regressions or API changes. | ||
| − | |||
| − | |||
__TOC__ | __TOC__ | ||
| − | |||
| − | |||
| − | |||
| − | |||
== Resolved Security Issues == | == Resolved Security Issues == | ||
Revision as of 23:53, 10 April 2013
Release Notes, 2012.2.4
The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. No further official Folsom releases of these projects are planned.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
Contents
Resolved Security Issues
Nova
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
- OSSA 2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs
Cinder
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
Glance
- OSSA 2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API
Keystone
- OSSA-2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA 2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
- OSSA 2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check
Bugs Fixed
In total, 90 launchpad bugs are fixed by this update.
- List of Nova bugs fixed in the 2012.2.4 release
- List of Glance bugs fixed in the 2012.2.4 release
- List of Cinder bugs fixed in the 2012.2.4 release
- List of Quantum bugs fixed in the 2012.2.4 release
- List of Keystone bugs fixed in the 2012.2.4 release
- List of Horizon bugs fixed in the 2012.2.4 release
Known Issues and Limitations
None.
