At the Denver Summit, one of the forum sessions was a PTL Tips & Tricks session[0] where one topic was sending out a project update email. Other projects/SIGs seem to do this from time-to-time (this idea was mostly inspired by Keystone's weekly newsletter, thanks cmurphy!) and the plan for the Security SIG to do something similar was discussed during this week's meeting and seemed to have unanimous approval.

So starting this week, the Security SIG will begin sending out a weekly newsletter. The overall goal of this is to provide updates to the happenings of the Security SIG as well as provide insight to the current security happenings within OpenStack. As the amount of content varies week to week, the occurrence may be tweaked in the future to something bi-weekly or monthly as we see how this goes.

[0] https://etherpad.openstack.org/p/DEN-ptl-tips-and-tricks

If there's anything else you would like to see here or feedback you'd like to give, please feel free to respond here, reach out via IRC in #openstack-security, and/or comment in the newsletter etherpad here: https://etherpad.openstack.org/p/security-sig-newsletter.

Thanks!

# Week of: 23 May 2019

- Security SIG Meeting Info: http://eavesdrop.openstack.org/#Security_SIG_meeting
  - Weekly on Thursday at 1500 UTC in #openstack-meeting
  - Agenda: https://etherpad.openstack.org/p/security-agenda
- https://security.openstack.org/
- https://wiki.openstack.org/wiki/Security-SIG

## Meeting Notes

- Summary: http://eavesdrop.openstack.org/meetings/security/2019/security.2019-05-23-15...
- TL;DR: During this week's meeting, we discussed the two bugs/stories listed below, as well as the idea of sending out some Security SIG newsletter.

## VMT Bug List

A full list of publicly marked security issues can be found here: https://bugs.launchpad.net/ossa/

Updates from this week:

- Security Group filtering hides rules from user: https://bugs.launchpad.net/ossa/+bug/1824248
  - This was made public this week, and multiple fixes have been submitted.
- SQL Injection vulnerability in node_cache: https://storyboard.openstack.org/#!/story/2005678
  - Made public this week, multiple fixes have been submitted/merged