*DRAFT* Release Notes, 2014.1.3

The 2014.1.3 release is a Icehouse bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer) and Openstack Database (Trove).

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

Resolved Security Issues

OpenStack Image Registry and Delivery Service (Glance)

• OSSA 2014-028 / CVE-2014-5356 - Glance store DoS through disk space exhaustion

OpenStack Dashboard (Horizon)

• OSSA 2014-027 / CVE-2014-3594 - Persistent XSS in Horizon Host Aggregates interface

OpenStack Identity (Keystone)

• OSSA 2014-029 / CVE-2014-3621 - Configuration option leak through Keystone catalog

OpenStack Networking (Neutron)

• OSSA 2014-031 / CVE-2014-6414 - Admin-only network attributes may be reset to defaults by non-privileged users

Bugs Fixed

In total, 129 bugs are fixed by this update.

• List of OpenStack Compute (Nova) bugs fixed in the 2014.1.3 release
• List of OpenStack Identity (Keystone) bugs fixed in the 2014.1.3 release
• List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2014.1.3 release
• List of OpenStack Networking (Neutron) bugs fixed in the 2014.1.3 release
• List of OpenStack Block Storage (Cinder) bugs fixed in the 2014.1.3 release
• List of OpenStack Dashboard (Horizon) bugs fixed in the 2014.1.3 release
• List of OpenStack Orchestration (Heat) bugs fixed in the 2014.1.3 release
• List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2014.1.3 release
• List of OpenStack Database (Trove) bugs fixed in the 2014.1.3 release

Known Issues and Limitations