<div dir="ltr">At the Denver Summit, one of the forum sessions was a PTL Tips & Tricks session[0] where one topic was sending out a project update email. Other projects/SIGs seem to do this from time-to-time (this idea was mostly inspired by Keystone's weekly newsletter, thanks cmurphy!) and the plan for the Security SIG to do something similar was discussed during this week's meeting and seemed to have unanimous approval.<div><br></div><div>So starting this week, the Security SIG will begin sending out a weekly newsletter, the overall goal of this is to provide updates to the happenings of the Security SIG as well as provide insight to the current security happenings within OpenStack. As the amount of content varies week to week, the occurrence may be tweaked in the future to something bi-weekly or monthly as we see how this goes.</div><div><br></div><div><div>[0] <a href="https://etherpad.openstack.org/p/DEN-ptl-tips-and-tricks">https://etherpad.openstack.org/p/DEN-ptl-tips-and-tricks</a></div></div><div><br></div><div>If there's anything else you would like to see here or feedback you'd like to give, please feel free to respond here, reach out via IRC in #openstack-security, and/or comment in the newsletter etherpad here: <a href="https://etherpad.openstack.org/p/security-sig-newsletter">https://etherpad.openstack.org/p/security-sig-newsletter</a>. Thanks!</div><div><br></div><div><div id="gmail-magicdomid868" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><h3 style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px;line-height:1.5em"># Week of: 23 May 2019</span></h3></div><div id="gmail-magicdomid869" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">Security SIG Meeting Info: </span><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="http://eavesdrop.openstack.org/#Security_SIG_meeting" style="margin:0px;padding:0px;white-space:pre-wrap">http://eavesdrop.openstack.org/#Security_SIG_meeting</a></span></li></ul></div><div id="gmail-magicdomid870" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet2" style="margin:0px 0px 0px 3em;padding:0px;list-style-type:circle"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">Weekly on Thursday at 1500 UTC in #openstack-meeting</span></li></ul></div><div id="gmail-magicdomid871" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet2" style="margin:0px 0px 0px 3em;padding:0px;list-style-type:circle"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">Agenda: </span><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="https://etherpad.openstack.org/p/security-agenda" style="margin:0px;padding:0px;white-space:pre-wrap">https://etherpad.openstack.org/p/security-agenda</a></span></li></ul></div><div id="gmail-magicdomid872" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="https://security.openstack.org/" style="margin:0px;padding:0px;white-space:pre-wrap">https://security.openstack.org/</a></span></li></ul></div><div id="gmail-magicdomid873" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="https://wiki.openstack.org/wiki/Security-SIG" style="margin:0px;padding:0px;white-space:pre-wrap">https://wiki.openstack.org/wiki/Security-SIG</a></span></li></ul></div><div id="gmail-magicdomid37" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:12px;font-family:"Helvetica Neue",Arial,sans-serif"><br style="margin:0px;padding:0px"></div><div id="gmail-magicdomid874" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><h3 style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px;line-height:1.5em">## Meeting Notes</span></h3></div><div id="gmail-magicdomid875" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">Summary: </span><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="http://eavesdrop.openstack.org/meetings/security/2019/security.2019-05-23-15.00.txt" style="margin:0px;padding:0px;white-space:pre-wrap">http://eavesdrop.openstack.org/meetings/security/2019/security.2019-05-23-15.00.txt</a></span></li></ul></div><div id="gmail-magicdomid876" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">TL;DR: During this week's meeting, we discussed the two bugs/stories listed below, as well as the idea of sending out some Security SIG newsletter.</span></li></ul></div><div id="gmail-magicdomid49" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:12px;font-family:"Helvetica Neue",Arial,sans-serif"><h3 style="margin:0px;padding:0px"><br style="margin:0px;padding:0px"></h3></div><div id="gmail-magicdomid877" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><h3 style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px;line-height:1.5em">## VMT Bug List</span></h3></div><div id="gmail-magicdomid878" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><span class="gmail-" style="margin:0px;padding:1px 0px">A full list of publicly marked security issues can be found here: </span><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="https://bugs.launchpad.net/ossa/" style="margin:0px;padding:0px;white-space:pre-wrap">https://bugs.launchpad.net/ossa/</a></span></div><div id="gmail-magicdomid879" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><span class="gmail-" style="margin:0px;padding:1px 0px">Updates from this week:</span></div><div id="gmail-magicdomid880" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">Security Group filtering hides rules from user Edit: </span><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="https://bugs.launchpad.net/ossa/+bug/1824248" style="margin:0px;padding:0px;white-space:pre-wrap">https://bugs.launchpad.net/ossa/+bug/1824248</a></span></li></ul></div><div id="gmail-magicdomid881" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet2" style="margin:0px 0px 0px 3em;padding:0px;list-style-type:circle"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">This was made public this week, and multiple fixes have been submitted.</span></li></ul></div><div id="gmail-magicdomid882" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet1" style="margin:0px 0px 0px 1.5em;padding:0px"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">SQL Injection vulnerability in node_cache: </span><span class="gmail-url" style="margin:0px;padding:1px 0px"><a href="https://storyboard.openstack.org/#!/story/2005678" style="margin:0px;padding:0px;white-space:pre-wrap">https://storyboard.openstack.org/#!/story/2005678</a></span></li></ul></div><div id="gmail-magicdomid883" class="gmail-ace-line" style="margin:0px;padding:0px;color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:12px"><ul class="gmail-list-bullet2" style="margin:0px 0px 0px 3em;padding:0px;list-style-type:circle"><li style="margin:0px;padding:0px"><span class="gmail-" style="margin:0px;padding:1px 0px">Made public this week, multiple fixes have been submitted/merged</span></li></ul></div></div></div>