We contentedly announce the release of: nova 17.0.12: Cloud computing fabric controller This release is part of the queens stable release series. The source is available from: https://opendev.org/openstack/nova Download the package from: https://tarballs.openstack.org/nova/ Please report issues through: https://bugs.launchpad.net/nova/+bugs For more details, please see below. 17.0.12 ^^^^^^^ Security Issues *************** * OSSA-2019-003: Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433) This release contains a security fix for bug 1837877 where users without the admin role can be exposed to sensitive error details in the server resource fault "message". There is a behavior change where non-nova exceptions will only record the exception class name in the fault "message" field which is exposed to all users, regardless of the admin role. The fault "details", which are only exposed to users with the admin role, will continue to include the traceback and also include the exception value which for non-nova exceptions is what used to be exposed in the fault "message" field. Meaning, the information that admins could see for server faults is still available, but the exception value may be in "details" rather than "message" now. (https://security.openstack.org/ossa/OSSA-2019-003.html) (https://bugs.launchpad.net/nova/+bug/1837877) Bug Fixes ********* * Bug 1811726 is fixed by deleting the resource provider (in placement) associated with each compute node record managed by a "nova-compute" service when that service is deleted via the "DELETE /os-services/{service_id}" API. This is particularly important for compute services managing ironic baremetal nodes. (https://bugs.launchpad.net/nova/+bug/1811726) Changes in nova 17.0.11..17.0.12 -------------------------------- b6108ebb3f doc: Fix a parameter of NotificationPublisher dc2963d2a0 Fix double word hacking test 472b999355 Disable limit if affinity(anti)/same(different)host is requested f77c628b4f Fix type error on call to mount device 3dcefba60a Replace non-nova server fault message 8afc39a2c7 Stabilize unshelve notification sample tests 97e78f8cc1 Don't generate service UUID for deleted services 57538f0d8d Add functional regression test for bug 1778305 de035bbfcc Add functional recreate test for bug 1764556 3ec4c5ed9c Cleanup when hitting MaxRetriesExceeded from no host_available 26ec2cbe59 Add functional regression test for bug 1837955 d2f91755ab libvirt: flatten rbd images when unshelving an instance 1535f8e215 fix cellv2 delete_host 028a8e949e libvirt: move checking CONF.my_ip to init_host() 92ecfaab5e docs: Correct issues with 'openstack quota set' commands 1c56895dc1 Changing scheduler sync event from INFO to DEBUG 9bc9567532 Init HostState.failed_builds b2f438bab4 Delete resource providers for all nodes when deleting compute service Diffstat (except docs and test files) ------------------------------------- nova/api/openstack/compute/services.py | 11 +- nova/cmd/manage.py | 5 +- nova/compute/utils.py | 41 ++++-- nova/conductor/manager.py | 32 +++- nova/db/sqlalchemy/api.py | 3 +- nova/objects/service.py | 2 +- nova/scheduler/host_manager.py | 5 +- nova/scheduler/utils.py | 6 + .../functional/regressions/test_bug_1764556.py | 155 +++++++++++++++++++ .../functional/regressions/test_bug_1778305.py | 61 ++++++++ .../functional/regressions/test_bug_1837955.py | 104 +++++++++++++ .../unit/api/openstack/compute/test_services.py | 20 ++- nova/virt/disk/mount/api.py | 2 +- nova/virt/libvirt/driver.py | 34 ++++- nova/virt/libvirt/imagebackend.py | 11 ++ ...1811726-multi-node-delete-2ba17f02c6171fbb.yaml | 10 ++ ...ve-fault-message-exposure-5360d794f4976b7c.yaml | 23 +++ 32 files changed, 901 insertions(+), 124 deletions(-)