• 원본: Release Notes, 2014.1.4

해결된 보안 이슈

• OSSA-2015-005 : Nova console Cross-Site WebSocket hijacking
• OSSA-2015-003 : Glance user storage quota bypass
• OSSA-2015-002 : Glance v2 API unrestricted path traversal through filesystem:// scheme
• OSSA-2014-041 : Glance v2 API unrestricted path traversal
• OSSA-2014-040 : Horizon denial of service attack through login page
• OSSA-2014-039 : Neutron DoS through invalid DNS configuration
• OSSA-2014-038 : Nova network DoS through API filtering
• OSSA-2014-037 : Nova VMware instance in resize tate may leak
• OSSA-2014-036 : Potential leak of passwords into log files
• OSSA-2014-035 : Nova VMware driver may connect VNC to another tenant’s console

버그 픽스

• 89개의 버그가 픽스됐습니다.
• Compute(Nova) 버그 픽스
• Identity(Keystone) 버그 픽스
• Image registry and Delivery Service(Glance) 버그 픽스
• Networking(Neutron) 버그 픽스
• Block Storage(Cinder) 버그 픽스
• Dashboard(Horizon) 버그 픽스
• Orchestration(Heat) 버그 픽스
• Telemetry(Ceilometer) 버그 픽스
• Database Service(Trove) 버그 픽스

알려진 이슈와 제한사항

Nova

• Fix unsafe SSL connection on TrustedFilter adds an option attestation_insecure_ssl in TrustedFilter which can be used to verify CAs. The default value is set to True, disabling SSL certificate verification. While this is the insecure option, it was selected for backward compatibility reasons.

Cinder

• Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.

Neutron

• There is a known issue in all Icehouse releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway ouside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181
• Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.