Jump to: navigation, search

Difference between revisions of "ReleaseNotes/2014.2.4"

(Bugs Fixed)
(Resolved Security Issues)
Line 9: Line 9:
 
== Resolved Security Issues ==
 
== Resolved Security Issues ==
  
=== PROJECT ===
+
=== Cinder ===
* [http://security.openstack.org/ossa/OSSA-2015-NNN.html http://security.openstack.org/ossa/OSSA-2015-NNN.html] SUMMARY
+
* [http://security.openstack.org/ossa/OSSA-2015-011.html http://security.openstack.org/ossa/OSSA-2015-011.html] Cinder host file disclosure through qcow2 backing file
  
 +
=== Glance ===
 +
* [http://security.openstack.org/ossa/OSSA-2015-019.html http://security.openstack.org/ossa/OSSA-2015-019.html] Glance image status manipulation
 +
* [http://security.openstack.org/ossa/OSSA-2015-020.html http://security.openstack.org/ossa/OSSA-2015-020.html] Glance storage overrun
 +
 +
=== Horizon ===
 +
* [http://security.openstack.org/ossa/OSSA-2015-009.html http://security.openstack.org/ossa/OSSA-2015-009.html] Persistent XSS in Horizon metadata dashboard
 +
* [http://security.openstack.org/ossa/OSSA-2015-010.html http://security.openstack.org/ossa/OSSA-2015-010.html] XSS in Horizon Heat stack creation
 +
 +
=== Keystone ===
 +
* [http://security.openstack.org/ossa/OSSA-2015-008.html http://security.openstack.org/ossa/OSSA-2015-008.html] Potential Keystone cache backend password leak in log
 +
 +
=== Neutron ===
 +
* [http://security.openstack.org/ossa/OSSA-2015-012.html http://security.openstack.org/ossa/OSSA-2015-012.html] Neutron L2 agent DoS through incorrect allowed address pairs
 +
* [http://security.openstack.org/ossa/OSSA-2015-018.html http://security.openstack.org/ossa/OSSA-2015-018.html] Neutron firewall rules bypass through port update
 +
 +
=== Nova ===
 +
* [http://security.openstack.org/ossa/OSSA-2015-017.html http://security.openstack.org/ossa/OSSA-2015-017.html] Nova may fail to delete images in resize state
 +
* [http://security.openstack.org/ossa/OSSA-2015-021.html http://security.openstack.org/ossa/OSSA-2015-021.html] Nova network security group changes are not applied to running instances
  
 
== Bugs Fixed ==
 
== Bugs Fixed ==

Revision as of 16:33, 14 November 2015

DRAFT Release Notes, 2014.2.4 DRAFT

The 2014.2.4 release is a Juno bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat), OpenStack Telemetry (Ceilometer), OpenStack Data Processing (Sahara) and OpenStack Database Service (Trove).

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

Resolved Security Issues

Cinder

Glance

Horizon

Keystone

Neutron

Nova

Bugs Fixed

In total, 179 bugs are fixed by this update.

Known Issues and Limitations