Latest revision as of 00:28, 23 September 2014

Release Notes, 2013.1.5

The 2013.1.5 release is a Grizzly bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking, OpenStack Block Storage (Cinder) and OpenStack Dashboard (Horizon). No further official Grizzly releases of these projects are planned.

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

Resolved Security Issues

OpenStack Compute (Nova)

OSSA 2013-029 / CVE-2013-4463 CVE-2013-4469 - Potential Nova denial of service through compressed disk images
OSSA 2013-030 / CVE-2013-4497 - XenAPI security groups not kept through migrate or resize
OSSA 2013-033 / CVE-2013-6419 - Metadata queries from Neutron to Nova are not restricted by tenant
OSSA 2013-037 / CVE-2013-6437 - Nova compute DoS through ephemeral disk backing files
OSSA 2014-001 / CVE-2013-7048 - Nova live snapshots use an insecure local directory
OSSA 2014-003 / CVE-2013-7130 - Live migration can leak root disk into ephemeral storage

OpenStack Identity (Keystone)

OSSA 2013-028/CVE-2013-4477 - Unintentional role granting with Keystone LDAP backend
OSSA 2013-032/CVE-2013-6391 - Keystone trust circumvention through EC2-style tokens
OSSA 2014-006/CVE-2014-2237 - Trustee token revocation does not work with memcache backend

OpenStack Networking

OSSA 2013-033 / CVE-2013-6419 - Metadata queries from Neutron to Nova are not restricted by tenant

OpenStack Dashboard (Horizon)

OSSA 2013-036 / CVE-2013-6458 - Insufficient sanitization of Instance Name in Horizon

Bugs Fixed

In total, 44 launchpad bugs are fixed by this update.

Known Issues and Limitations

The fix for CVE-2013-6419 required patches to both OpenStack Networking and Nova to ensure metadata requests between between services are restricted by tenant. To avoid interruption of the metadata service during an upgrade, it is recommended OpenStack Networking is upgraded and the quantum-metadata-agent restarted before upgrading Nova.

@@ Line 1: / Line 1: @@
-= DRAFT Release Notes, 2013.1.5 DRAFT - release planned Mar 20 =
+= Release Notes, 2013.1.5 =
 The 2013.1.5 release is a Grizzly bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking, OpenStack Block Storage (Cinder) and OpenStack Dashboard (Horizon). No further official Grizzly releases of these projects are planned.
@@ Line 30: / Line 30: @@
 == Bugs Fixed ==
-In total, NN launchpad bugs are fixed by this update.
+In total, 44 launchpad bugs are fixed by this update.
-'''DRAFT remove milestone links before release DRAFT'''
-* https://launchpad.net/nova/+milestone/2013.1.5
-* https://launchpad.net/keystone/+milestone/2013.1.5
-* https://launchpad.net/glance/+milestone/2013.1.5
-* https://launchpad.net/neutron/+milestone/2013.1.5
-* https://launchpad.net/cinder/+milestone/2013.1.5
-* https://launchpad.net/horizon/+milestone/2013.1.5
-'''DRAFT remove milestone links before release DRAFT'''
 * [https://launchpad.net/nova/grizzly/2013.1.5 List of OpenStack Compute (Nova) bugs fixed in the 2013.1.5 release]
@@ Line 51: / Line 42: @@
 The fix for [https://launchpad.net/bugs/1235450 CVE-2013-6419] required patches to both OpenStack Networking and Nova to ensure metadata requests between between services are restricted by tenant.  To avoid interruption of the metadata service during an upgrade, it is recommended OpenStack Networking is upgraded and the quantum-metadata-agent restarted before upgrading Nova.
+[[Category:Releases]]
+[[Category:Grizzly]]

Difference between revisions of "ReleaseNotes/2013.1.5"