[release-announce] ironic-inspector 7.2.4 (queens)
no-reply at openstack.org
no-reply at openstack.org
Wed May 22 16:29:36 UTC 2019
We exuberantly announce the release of:
ironic-inspector 7.2.4: Hardware introspection for OpenStack Bare
Metal
This release is part of the queens stable release series.
The source is available from:
https://opendev.org/openstack/ironic-inspector
Download the package from:
https://tarballs.openstack.org/ironic-inspector/
Please report issues through:
https://bugs.launchpad.net/ironic-inspector/+bugs
For more details, please see below.
7.2.4
^^^^^
Security Issues
***************
* Fixes insufficient input filtering when looking up a node by
information from the introspection data. It could potentially allow
SQL injections via the "/v1/continue" API endpoint. See story
2005678 (https://storyboard.openstack.org/#!/story/2005678) for
details.
Bug Fixes
*********
* Fix starting inspection of node having IPv6 BMC address.
Inspection could not be initiated because v6 address was being
considered as a hostname. Thus resolving incorrect hostname ended up
with blocking error.
Changes in ironic-inspector 7.2.3..7.2.4
----------------------------------------
17c796b Eliminate SQL injection vulnerability in node_cache
a28fd20 OpenDev Migration Patch
4cdd6f0 Replace openstack.org git:// URLs with https://
81c0e17 Fix lookup when ipmi_address is a hostname
d934e9a Use getaddrinfo instead of gethostbyname while resolving BMC address
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 2 +-
ironic_inspector/common/ironic.py | 37 +++++++++++----
ironic_inspector/introspect.py | 5 +-
ironic_inspector/node_cache.py | 15 +++---
ironic_inspector/plugins/discovery.py | 3 +-
ironic_inspector/test/unit/test_common_ironic.py | 53 ++++++++++++++--------
ironic_inspector/test/unit/test_introspect.py | 40 +++++++++++++---
ironic_inspector/test/unit/test_node_cache.py | 5 ++
.../legacy/ironic-inspector-grenade-dsvm/run.yaml | 18 ++++----
.../run.yaml | 12 ++---
.../ironic-inspector-tempest-dsvm-python3/run.yaml | 10 ++--
...find-node-input-filtering-e8ea529252e80739.yaml | 7 +++
...-address-start-inspection-7a72794f25eb9f19.yaml | 7 +++
zuul.d/legacy-ironic-inspector-jobs.yaml | 4 +-
14 files changed, 151 insertions(+), 67 deletions(-)
More information about the Release-announce
mailing list