Original: Release Notes, 2014.1.4

Resolved security issues

OSSA-2015-005: Nova console Cross-Site WebSocket hijacking
OSSA-2015-003: Glance user storage quota bypass
OSSA-2015-002: Glance v2 API unrestricted path traversal through filesystem:// scheme
OSSA-2014-041: Glance v2 API unrestricted path traversal
OSSA-2014-040: Horizon denial of service attack through login page
OSSA-2014-039: Neutron DoS through invalid DNS configuration
OSSA-2014-038: Nova network DoS through API filtering
OSSA-2014-037: Nova VMware instance in resize state may leak
OSSA-2014-036: Potential leak of passwords into log files
OSSA-2014-035: Nova VMware driver may connect VNC to another tenant's console

Bug fixes

89 bugs were fixed.

Compute (Nova) bug fixes
Identity (Keystone) bug fixes
Image Registry and Delivery Service (Glance) bug fixes
Networking (Neutron) bug fixes
Block Storage (Cinder) bug fixes
Dashboard (Horizon) bug fixes
Orchestration (Heat) bug fixes
Telemetry (Ceilometer) bug fixes
Database Service (Trove) bug fixes

Known issues and limitations

Nova

The fix "Fix unsafe SSL connection on TrustedFilter" adds an option, attestation_insecure_ssl, to TrustedFilter, which can be used to verify CAs. The default value is True, which disables SSL certificate verification. Although this is the insecure option, it was selected for backward compatibility reasons.

Cinder

The fix for Eventlet threads not being released back to the pool added the wsgi_keep_alive option. To maintain backward compatibility the default value is True; the recommended setting is False.

Neutron

There is a known issue in all Icehouse releases that causes the Neutron DHCP agent to constantly resync its state once a network and a subnet are created with a gateway outside of the subnet. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181.

The fix for Eventlet threads not being released back to the pool added the wsgi_keep_alive option. To maintain backward compatibility the default value is True; the recommended setting is False.
from OpenStack Korea Community http://ift.tt/1EYgfUF
participants (1)
-
potopro@gmail.com
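The known issues above all come down to backward-compatible defaults, so an option that is missing from a config file still takes the default value. The following audit is an added example, not code from the release notes or from OpenStack. It assumes that attestation_insecure_ssl lives in a [trusted_computing] section and the other options in [DEFAULT], that force_gateway_on_subnet defaults to False in Icehouse, and that True, 1, yes and on are the accepted true values; the sample configuration text is constructed.

```python
import configparser

# (service, section, option, release default, value the notes point to).
# Section placement and the False default of force_gateway_on_subnet are
# assumptions of this example; the notes name only the options.
CHECKS = [
    ("nova", "trusted_computing", "attestation_insecure_ssl", True, False),
    ("cinder", "DEFAULT", "wsgi_keep_alive", True, False),
    ("neutron", "DEFAULT", "wsgi_keep_alive", True, False),
    ("neutron", "DEFAULT", "force_gateway_on_subnet", False, True),
]
TRUE_WORDS = {"1", "true", "yes", "on"}


def audit(configs):
    """configs maps service name -> config file text.
    Returns (service, option, effective value, source) for each option
    whose effective value differs from the target value."""
    findings = []
    for service, section, option, default, target in CHECKS:
        if service not in configs:
            continue
        # default_section is renamed so [DEFAULT] is read as an ordinary
        # section and its keys do not leak into other sections.
        parser = configparser.RawConfigParser(
            strict=False, default_section="__unused__")
        parser.read_string(configs[service])
        if parser.has_option(section, option):
            value = parser.get(section, option).strip().lower() in TRUE_WORDS
            source = "explicit"
        else:
            # An absent key is not safe: the release default applies.
            value, source = default, "release default"
        if value != target:
            findings.append((service, option, value, source))
    return findings


# Constructed sample configuration text, not taken from a real deployment.
SAMPLE = {
    "nova": "[DEFAULT]\ndebug = False\n[trusted_computing]\n"
            "attestation_server = attest.example.test\n",
    "cinder": "[DEFAULT]\nwsgi_keep_alive = False\n",
    "neutron": "[DEFAULT]\nwsgi_keep_alive = true\n"
               "force_gateway_on_subnet = True\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s = %s (%s)" % finding)
```
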