Difference between revisions of "ReleaseNotes/2013.1.4"
(→OpenStack Image Registry and Delivery Service (Glance)) |
(→Resolved Security Issues) |
||
Line 10: | Line 10: | ||
=== OpenStack Compute (Nova) === | === OpenStack Compute (Nova) === | ||
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-September/000143.html OSSA 2013-026]/[https://bugs.launchpad.net/nova/+bug/1215091 CVE 2013-4261] - Some sequence of characters in console-log can DoS nova-compute | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-September/000143.html OSSA-2013-026]/[https://bugs.launchpad.net/nova/+bug/1215091 CVE-2013-4261] - Some sequence of characters in console-log can DoS nova-compute |
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html OSSA 2013-024]/[https://bugs.launchpad.net/nova/+bug/1212179 CVE 2013-4278] - Resource limit circumvention in Nova private flavors | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html OSSA-2013-024]/[https://bugs.launchpad.net/nova/+bug/1212179 CVE-2013-4278] - Resource limit circumvention in Nova private flavors |
=== OpenStack Image Registry and Delivery Service (Glance) === | === OpenStack Image Registry and Delivery Service (Glance) === | ||
− | * [[http://lists.openstack.org/pipermail/openstack-announce/2013-October/000155.html OSSA 2013-027] / [https://bugs.launchpad.net/glance/+bug/1235378 CVE 2013-4428] 'image_download' role in v2 causes traceback | + | * [[http://lists.openstack.org/pipermail/openstack-announce/2013-October/000155.html OSSA-2013-027] / [https://bugs.launchpad.net/glance/+bug/1235378 CVE-2013-4428] 'image_download' role in v2 causes traceback |
=== OpenStack Identity (Keystone) === | === OpenStack Identity (Keystone) === | ||
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-September/000142.html OSSA 2013-025]/[https://bugs.launchpad.net/keystone/+bug/1202952 CVE-2013-4294] PKI tokens are never revoked using memcache token backend | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-September/000142.html OSSA-2013-025]/[https://bugs.launchpad.net/keystone/+bug/1202952 CVE-2013-4294] PKI tokens are never revoked using memcache token backend |
== Bugs Fixed == | == Bugs Fixed == |
Revision as of 13:38, 21 February 2014
Release Notes, 2013.1.4
The 2013.1.4 release is a Grizzly bugfix update for OpenStack Compute (Nova), OpenStack Block Storage (Cinder), OpenStack Networking, OpenStack Identity (Keystone), OpenStack Dashboard (Horizon) and OpenStack Image Service (Glance).
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
Contents
Resolved Security Issues
OpenStack Compute (Nova)
- OSSA-2013-026/CVE-2013-4261 - Some sequence of characters in console-log can DoS nova-compute
- OSSA-2013-024/CVE-2013-4278 - Resource limit circumvention in Nova private flavors
OpenStack Image Registry and Delivery Service (Glance)
- [OSSA-2013-027 / CVE-2013-4428 'image_download' role in v2 causes traceback
OpenStack Identity (Keystone)
- OSSA-2013-025/CVE-2013-4294 PKI tokens are never revoked using memcache token backend
Bugs Fixed
In total, 68 launchpad bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2013.1.4 release
- List of OpenStack Image Service (Glance) bugs fixed in the 2013.1.4 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2013.1.4 release
- List of OpenStack Networking (Neutron) bugs fixed in the 2013.1.4 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2013.1.4 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2013.1.4 release