ReleaseNotes/2013.1.3
Release Notes, 2013.1.3
The 2013.1.3 release is a Grizzly bugfix update for OpenStack Compute (Nova), OpenStack Block Storage (Cinder), OpenStack Networking, OpenStack Identity (Keystone), OpenStack Dashboard (Horizon) and OpenStack Image Service (Glance).
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
Contents
Resolved Security Issues
OpenStack Compute (Nova)
- OSSA-2013-019/CVE-2013-2256 - Resource limit circumvention in Nova private flavors
- OSSA-2013-020/CVE-2013-4185 - Denial of Service in Nova network source security groups
- OSSA-2013-023/CVE-2013-4179 - Denial of Service using XML entities in Nova extensions
OpenStack Block Storage (Cinder)
- OSSA-2013-021/CVE-2013-4183 - Cinder LVM volume driver does not support secure deletion
- OSSA-2013-023/CVE-2013-4202 - Denial of Service using XML entities in Cinder extensions
OpenStack Identity (Keystone)
- OSSA-2013-015/CVE-2013-2157 - Authentication bypass when using LDAP backend
Bugs Fixed
In total, 116 launchpad bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2013.1.3 release
- List of OpenStack Image Service (Glance) bugs fixed in the 2013.1.3 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2013.1.3 release
- List of OpenStack Networking bugs fixed in the 2013.1.3 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2013.1.3 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2013.1.3 release
Known Issues and Limitations
Nova
- https://bugs.launchpad.net/nova/+bug/1155842/comments/13
- https://bugs.launchpad.net/nova/+bug/1212565
- https://bugs.launchpad.net/nova/+bug/1175286/comments/8
- https://bugs.launchpad.net/nova/+bug/1218372