Difference between revisions of "ReleaseNotes/2014.2.4"
(→Bugs Fixed) |
(→Resolved Security Issues) |
||
Line 9: | Line 9: | ||
== Resolved Security Issues == | == Resolved Security Issues == | ||
− | === | + | === Cinder === |
− | * [http://security.openstack.org/ossa/OSSA-2015- | + | * [http://security.openstack.org/ossa/OSSA-2015-011.html http://security.openstack.org/ossa/OSSA-2015-011.html] Cinder host file disclosure through qcow2 backing file |
+ | === Glance === | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-019.html http://security.openstack.org/ossa/OSSA-2015-019.html] Glance image status manipulation | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-020.html http://security.openstack.org/ossa/OSSA-2015-020.html] Glance storage overrun | ||
+ | |||
+ | === Horizon === | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-009.html http://security.openstack.org/ossa/OSSA-2015-009.html] Persistent XSS in Horizon metadata dashboard | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-010.html http://security.openstack.org/ossa/OSSA-2015-010.html] XSS in Horizon Heat stack creation | ||
+ | |||
+ | === Keystone === | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-008.html http://security.openstack.org/ossa/OSSA-2015-008.html] Potential Keystone cache backend password leak in log | ||
+ | |||
+ | === Neutron === | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-012.html http://security.openstack.org/ossa/OSSA-2015-012.html] Neutron L2 agent DoS through incorrect allowed address pairs | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-018.html http://security.openstack.org/ossa/OSSA-2015-018.html] Neutron firewall rules bypass through port update | ||
+ | |||
+ | === Nova === | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-017.html http://security.openstack.org/ossa/OSSA-2015-017.html] Nova may fail to delete images in resize state | ||
+ | * [http://security.openstack.org/ossa/OSSA-2015-021.html http://security.openstack.org/ossa/OSSA-2015-021.html] Nova network security group changes are not applied to running instances | ||
== Bugs Fixed == | == Bugs Fixed == |
Revision as of 16:33, 14 November 2015
DRAFT Release Notes, 2014.2.4 DRAFT
The 2014.2.4 release is a Juno bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer), OpenStack Data Processing (Sahara) and OpenStack Database Service (Trove).
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.
Contents
Resolved Security Issues
Cinder
- http://security.openstack.org/ossa/OSSA-2015-011.html Cinder host file disclosure through qcow2 backing file
Glance
- http://security.openstack.org/ossa/OSSA-2015-019.html Glance image status manipulation
- http://security.openstack.org/ossa/OSSA-2015-020.html Glance storage overrun
Horizon
- http://security.openstack.org/ossa/OSSA-2015-009.html Persistent XSS in Horizon metadata dashboard
- http://security.openstack.org/ossa/OSSA-2015-010.html XSS in Horizon Heat stack creation
Keystone
- http://security.openstack.org/ossa/OSSA-2015-008.html Potential Keystone cache backend password leak in log
Neutron
- http://security.openstack.org/ossa/OSSA-2015-012.html Neutron L2 agent DoS through incorrect allowed address pairs
- http://security.openstack.org/ossa/OSSA-2015-018.html Neutron firewall rules bypass through port update
Nova
- http://security.openstack.org/ossa/OSSA-2015-017.html Nova may fail to delete images in resize state
- http://security.openstack.org/ossa/OSSA-2015-021.html Nova network security group changes are not applied to running instances
Bugs Fixed
In total, 179 bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2014.2.4 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2014.2.4 release
- List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2014.2.4 release
- List of OpenStack Networking (Neutron) bugs fixed in the 2014.2.4 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2014.2.4 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2014.2.4 release
- List of OpenStack Orchestration (Heat) bugs fixed in the 2014.2.4 release
- List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2014.2.4 release
- List of OpenStack Data Processing (Sahara) bugs fixed in the 2014.2.4 release
- List of OpenStack Database Service (Trove) bugs fixed in the 2014.2.4 release