We exuberantly announce the release of: cinder 24.1.0: OpenStack Block Storage This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/cinder Download the package from: https://tarballs.openstack.org/cinder/ Please report issues through: https://bugs.launchpad.net/cinder/+bugs For more details, please see below. 24.1.0 ^^^^^^ Security Issues *************** * Images in the qcow2 format with an external data file are now rejected with an "ImageUnacceptable" error because such images could be used in an exploit to expose host information. Given that qcow2 external data files were never supported by Cinder, this change should have no impact on users. See Bug #2059809 (https://bugs.launchpad.net/cinder/+bug/2059809) for details. Bug Fixes ********* * Dell PowerMax driver bug #2034937 (https://bugs.launchpad.net/cinder/+bug/2034937): Fixed This change is to update the live migration ability in environments using PowerMax. In previous 2023.1 version, the live migration fails without a pool name. This update add the ability of live migration without a pool name. * Bug #2058596 (https://bugs.launchpad.net/cinder/+bug/2058596): Fixed broken "backup_swift_service_auth=True" which made swift backup driver consistently fail during object data access. * Bug #2059809 (https://bugs.launchpad.net/cinder/+bug/2059809): Fixed issue where a qcow2 format image with an external data file could expose host information. Such an image is now rejected with an "ImageUnacceptable" error if it is used to create a volume. Given that qcow2 external data files were never supported by Cinder, the only use for such an image previously was to attempt to steal host information, and hence this change should have no impact on users. * Bug #2031897 (https://bugs.launchpad.net/cinder/+bug/2031897): Fixed issues for volume backups with the Ceph driver where failures of the first process ("rbd export-diff") were not caught. Instead, only the return code of the second process ("rbd import-diff") was recognized. This change also preserves the stderr that was lost previously in order to ease debugging. Changes in cinder 24.0.0..24.1.0 -------------------------------- db98dc207 CVE-2024-32498: Check for external qcow2 data file 966bc53c8 Fix broken backup_swift_service_auth=True 52f885b77 Ceph: Catch more failure conditions on volume backup 1aa541d02 PowerMax: Allow live migration without pool name Diffstat (except docs and test files) ------------------------------------- cinder/backup/drivers/ceph.py | 58 +- cinder/backup/drivers/swift.py | 3 +- cinder/image/format_inspector.py | 938 +++++++++++++++++++++ cinder/image/image_utils.py | 86 +- cinder/privsep/format_inspector.py | 38 + cinder/service_auth.py | 11 + .../drivers/dell_emc/powermax/powermax_data.py | 7 + .../dell_emc/powermax/test_powermax_masking.py | 17 + cinder/volume/drivers/dell_emc/powermax/masking.py | 10 +- cinder/volume/drivers/nfs.py | 10 + cinder/volume/drivers/remotefs.py | 3 +- ...ation-without-a-pool-name-7690fcd67b5f690c.yaml | 10 + .../notes/bug-2058596-3c676e7fdc642b3d.yaml | 6 + ...9-disallow-qcow2-datafile-abc4e6d8be766710.yaml | 19 + ...h-more-failure-conditions-d2ec640f5ff8051c.yaml | 10 + 23 files changed, 2123 insertions(+), 93 deletions(-)