We joyfully announce the release of: kolla 13.5.0: Kolla OpenStack Deployment This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 13.5.0 ^^^^^^ Upgrade Notes ************* * To fix CVE-2022-38060, support for KOLLA_CONFIG and KOLLA_CONFIG_FILE environment variables in kolla-built containers has been dropped. Now, only the single trusted path of "/var/lib/kolla/config_files/config.json" will be utilised for loading container config. We believe this is a reasonable tradeoff as these environment variables were not used by any known downstream and potential users in the wild can easily adapt as this does not limit the functionality per se, only making it stricter as to where the config can come from. Security Issues *************** * Fixes CVE-2022-38060, a sudo privilege escalation vulnerability. LP#1985784 Changes in kolla 13.4.0..13.5.0 ------------------------------- 1011fc60c Fix CVE-2022-38060 Diffstat (except docs and test files) ------------------------------------- .../notes/bug-1985784-59df54a10a004551.yaml | 16 ++++++++++++++++ 5 files changed, 24 insertions(+), 53 deletions(-)