[release-announce] nova 17.0.12 (queens)
no-reply at openstack.org
no-reply at openstack.org
Mon Aug 19 15:59:25 UTC 2019
We contentedly announce the release of:
nova 17.0.12: Cloud computing fabric controller
This release is part of the queens stable release series.
The source is available from:
https://opendev.org/openstack/nova
Download the package from:
https://tarballs.openstack.org/nova/
Please report issues through:
https://bugs.launchpad.net/nova/+bugs
For more details, please see below.
17.0.12
^^^^^^^
Security Issues
***************
* OSSA-2019-003: Nova Server Resource Faults Leak External Exception
Details (CVE-2019-14433)
This release contains a security fix for bug 1837877 where users
without the admin role can be exposed to sensitive error details in
the server resource fault "message".
There is a behavior change where non-nova exceptions will only
record the exception class name in the fault "message" field which
is exposed to all users, regardless of the admin role.
The fault "details", which are only exposed to users with the admin
role, will continue to include the traceback and also include the
exception value which for non-nova exceptions is what used to be
exposed in the fault "message" field. Meaning, the information that
admins could see for server faults is still available, but the
exception value may be in "details" rather than "message" now.
(https://security.openstack.org/ossa/OSSA-2019-003.html)
(https://bugs.launchpad.net/nova/+bug/1837877)
Bug Fixes
*********
* Bug 1811726 is fixed by deleting the resource provider (in
placement) associated with each compute node record managed by a
"nova-compute" service when that service is deleted via the "DELETE
/os-services/{service_id}" API. This is particularly important for
compute services managing ironic baremetal nodes.
(https://bugs.launchpad.net/nova/+bug/1811726)
Changes in nova 17.0.11..17.0.12
--------------------------------
b6108ebb3f doc: Fix a parameter of NotificationPublisher
dc2963d2a0 Fix double word hacking test
472b999355 Disable limit if affinity(anti)/same(different)host is requested
f77c628b4f Fix type error on call to mount device
3dcefba60a Replace non-nova server fault message
8afc39a2c7 Stabilize unshelve notification sample tests
97e78f8cc1 Don't generate service UUID for deleted services
57538f0d8d Add functional regression test for bug 1778305
de035bbfcc Add functional recreate test for bug 1764556
3ec4c5ed9c Cleanup when hitting MaxRetriesExceeded from no host_available
26ec2cbe59 Add functional regression test for bug 1837955
d2f91755ab libvirt: flatten rbd images when unshelving an instance
1535f8e215 fix cellv2 delete_host
028a8e949e libvirt: move checking CONF.my_ip to init_host()
92ecfaab5e docs: Correct issues with 'openstack quota set' commands
1c56895dc1 Changing scheduler sync event from INFO to DEBUG
9bc9567532 Init HostState.failed_builds
b2f438bab4 Delete resource providers for all nodes when deleting compute service
Diffstat (except docs and test files)
-------------------------------------
nova/api/openstack/compute/services.py | 11 +-
nova/cmd/manage.py | 5 +-
nova/compute/utils.py | 41 ++++--
nova/conductor/manager.py | 32 +++-
nova/db/sqlalchemy/api.py | 3 +-
nova/objects/service.py | 2 +-
nova/scheduler/host_manager.py | 5 +-
nova/scheduler/utils.py | 6 +
.../functional/regressions/test_bug_1764556.py | 155 +++++++++++++++++++
.../functional/regressions/test_bug_1778305.py | 61 ++++++++
.../functional/regressions/test_bug_1837955.py | 104 +++++++++++++
.../unit/api/openstack/compute/test_services.py | 20 ++-
nova/virt/disk/mount/api.py | 2 +-
nova/virt/libvirt/driver.py | 34 ++++-
nova/virt/libvirt/imagebackend.py | 11 ++
...1811726-multi-node-delete-2ba17f02c6171fbb.yaml | 10 ++
...ve-fault-message-exposure-5360d794f4976b7c.yaml | 23 +++
32 files changed, 901 insertions(+), 124 deletions(-)
More information about the Release-announce
mailing list