Difference between revisions of "ReleaseNotes/2014.2.2"
| Line 9: | Line 9: | ||
== Resolved Security Issues == | == Resolved Security Issues == | ||
| − | === OpenStack | + | === OpenStack Image Registry and Delivery Service (Glance) === |
| + | * [http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html OSSA-2014-041] / [https://launchpad.net/bugs/1400966 CVE-2014-9493] Glance allows users to download and delete any file in glance-api server | ||
| + | * [http://lists.openstack.org/pipermail/openstack-announce/2015-January/000323.html OSSA-2015-002] / [https://launchpad.net/bugs/1408663 CVE-2015-1195] Glance still allows users to download and delete any file in glance-api server | ||
| − | === OpenStack | + | === OpenStack Dashboard (Horizon) === |
| + | * [http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html OSSA 2014-040] / [https://launchpad.net/bugs/1394370 CVE-2014-8124] horizon login page is vulnerable to DOS attack (CVE-2014-8124) | ||
== Bugs Fixed == | == Bugs Fixed == | ||
Revision as of 18:06, 5 February 2015
Release Notes, 2014.2.2
The 2014.2.2 release is a Juno bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer), OpenStack Data Processing (Sahara) and OpenStack Database Service (Trove).
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.
Contents
Resolved Security Issues
OpenStack Image Registry and Delivery Service (Glance)
- OSSA-2014-041 / CVE-2014-9493 Glance allows users to download and delete any file in glance-api server
- OSSA-2015-002 / CVE-2015-1195 Glance still allows users to download and delete any file in glance-api server
OpenStack Dashboard (Horizon)
- OSSA 2014-040 / CVE-2014-8124 horizon login page is vulnerable to DOS attack (CVE-2014-8124)
Bugs Fixed
In total, ??? bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2014.2.2 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2014.2.2 release
- List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2014.2.2 release
- List of OpenStack Networking (Neutron) bugs fixed in the 2014.2.2 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2014.2.2 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2014.2.2 release
- List of OpenStack Orchestration (Heat) bugs fixed in the 2014.2.2 release
- List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2014.2.2 release
- List of OpenStack Data Processing (Sahara) bugs fixed in the 2014.2.2 release
- List of OpenStack Database Service (Trove) bugs fixed in the 2014.2.2 release
Known Issues and Limitations
Nova
- https://review.openstack.org/#/c/138368/2 Fix for the Eventlet threads not released back to the pool added client_socket_timeout and wsgi_keep_alive options. In order to maintain the backward compatibility default values are 0 and False for those options, while it's recommended to set them to 900 and True.
Cinder
- Fix for the Eventlet threads not released back to the pool added client_socket_timeout option. In order to maintain the backward compatibility default value is 0 and recommended is to set it to 900.
Neutron
- Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.
- Incompatibility with old versions of dnsmasq was found in Juno DHCP agent. Specifically, IPv6 subnets with stateful DHCP enabled fail to provide IP addresses to instances when dnsmasq < 2.67 is used. To make it work, please upgrade your dnsmasq package.
