We are overjoyed to announce the release of: cinder 21.1.0: OpenStack Block Storage This release is part of the zed stable release series. The source is available from: https://opendev.org/openstack/cinder Download the package from: https://tarballs.openstack.org/cinder/ Please report issues through: https://bugs.launchpad.net/cinder/+bugs For more details, please see below. 21.1.0 ^^^^^^ Upgrade Notes ************* * This release introduces a new configuration option, "vmdk_allowed_types", that specifies the list of VMDK image subformats that Cinder will allow. The default setting allows only the 'streamOptimized' and 'monolithicSparse' subformats, which do not use named extents. Security Issues *************** * This release introduces a new configuration option, "vmdk_allowed_types", that specifies the list of VMDK image subformats that Cinder will allow in order to prevent exposure of host information by modifying the named extents in a VMDK image. The default setting allows only the 'streamOptimized' and 'monolithicSparse' subformats, which do not use named extents. * As part of the fix for Bug #1996188 (https://bugs.launchpad.net/cinder/+bug/1996188), cinder is now more strict in checking that the "disk_format" recorded for an image (as revealed by the Image Service API image-show response) matches what cinder detects when it downloads the image. Thus, some requests to create a volume from a source image that had previously succeeded may fail with an "ImageUnacceptable" error. Bug Fixes ********* * Bug #1996188 (https://bugs.launchpad.net/cinder/+bug/1996188): Fixed issue where a VMDK image file whose createType allowed named extents could expose host information. This change introduces a new configuration option, "vmdk_allowed_types", that specifies the list of VMDK image subformats that Cinder will allow. The default setting allows only the 'streamOptimized' and 'monolithicSparse' subformats. Changes in cinder 21.0.0..21.1.0 -------------------------------- 11b0f97a0 Use the json format output of qemu-img info ba37dc2ea Check VMDK subformat against an allowed list Diffstat (except docs and test files) ------------------------------------- cinder/image/image_utils.py | 193 ++++++++-- cinder/volume/flows/manager/create_volume.py | 4 +- ...vmdk-subformat-allow-list-93e6943d9a486d11.yaml | 33 ++ 6 files changed, 764 insertions(+), 218 deletions(-)