ReleaseNotes/2012.2.4
Release Notes, 2012.2.4
The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
2012.2.4 is the last planned Folsom stable release, after this release, stable/folsom enters passive maintenance mode where only security fixes are applied.
Contents
Upgrade Notes
Resolved Security Issues
Nova
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
- OSSA 2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs
Cinder
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
Glance
- OSSA 2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API
Keystone
- OSSA-2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA 2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
- OSSA 2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check
Bugs Fixed
In total, XX launchpad bugs are fixed by this update.
- List of Nova bugs fixed in the 2012.2.4 release
- List of Glance bugs fixed in the 2012.2.4 release
- List of Cinder bugs fixed in the 2012.2.4 release
- List of Quantum bugs fixed in the 2012.2.4 release
- List of Keystone bugs fixed in the 2012.2.4 release
- List of Horizon bugs fixed in the 2012.2.4 release
Known Issues and Limitations
None.