Jump to: navigation, search


Revision as of 14:03, 7 April 2015 by Tristan Cacqueray (talk | contribs) (Adds websocket origin ValidationError known issue)

Release Notes, 2014.1.4

The 2014.1.4 release is a Icehouse bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer) and Openstack Database (Trove).

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

Resolved Security Issues

Bugs Fixed

In total, 89 bugs are fixed by this update.

Known Issues and Limitations


  • Fix unsafe SSL connection on TrustedFilter adds an option attestation_insecure_ssl in TrustedFilter which can be used to verify CAs. The default value is set to True, disabling SSL certificate verification. While this is the insecure option, it was selected for backward compatibility reasons.
  • There is a known issue with the new websocket origin access control (OSSA 2015-005): ValidationError will prevent VNC and SPICE connection if base_urls are not properly configured. The novncproxy_base_url and html5proxy_base_url now need to match the TLS settings of the connection origin and needs to be set explicitly where the nova proxy service is running.



  • There is a known issue in all Icehouse releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway outside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181
  • Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.