Hello everyone, Due to a hectic October, this newsletter will have the updates for the month. The SIG meetings for the 07th, 21st, and 28th in November will be cancelled as well due to Summit/PTG & Holidays. Have a Happy Halloween! #Date: 31 Oct 2019 - Security SIG Meeting Info: http://eavesdrop.openstack.org/#Security_SIG_meeting - Weekly on Thursday at 1500 UTC in #openstack-meeting - Agenda: https://etherpad.openstack.org/p/security-agenda - https://security.openstack.org/ - https://wiki.openstack.org/wiki/Security-SIG #Meeting Notes (October) - fungi volunteers to be nova spec liaison for ussuri image encryption spec in nova: http://eavesdrop.openstack.org/meetings/image_encryption/2019/image_encrypti... - The Security SIG won't be meeting on the following dates in November due to the Summit/PTG & Holidays - Nov 07th, Nov 21st, Nov 28th #VMT Reports - A full list of publicly marked security issues can be found here: https://bugs.launchpad.net/ossa/ - OSSA-2019-005 was released this month: https://security.openstack.org/ossa/OSSA-2019-005.html - ceph backend, secret key leak: https://bugs.launchpad.net/cinder/+bug/1849624 - CSV Injection Possible in Compute Usage History: https://bugs.launchpad.net/horizon/+bug/1842749