We are thrilled to announce the release of:
octavia 2.1.2: OpenStack Octavia Scalable Load Balancer as a Service
This release is part of the queens stable release series.
The source is available from:
https://opendev.org/openstack/octavia
Download the package from:
https://pypi.org/project/octavia
Please report issues through:
https://storyboard.openstack.org/#!/project/908
For more details, please see below.
2.1.2
^^^^^

Security Issues
***************
* Correctly require two-way certificate authentication to connect to the amphora agent API (CVE-2019-17134).
Bug Fixes
*********
* Fixed an issue with the health manager reporting an UnboundLocalError if it gets an exception attempting to get a database connection.
* Fixes a potential DB deadlock in allocate_and_associate found in testing.
* Fixed an issue where invalid certificates would trigger an amphora failover loop. Certificates are now validated at API level.
* The passphrase for config option 'server_certs_key_passphrase' is used as a Fernet key in Octavia and thus must be 32 characters long and base64(url) compatible. Octavia will now validate the passphrase length and format.
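
An added example, not Octavia's own code, of the length and format check described in the last item above. It assumes that "base64(url) compatible" means the URL-safe base64 alphabet plus '=' padding, and that the passphrase is turned into a Fernet key by URL-safe base64 encoding; all function names are hypothetical.

```python
import base64
import re
import secrets

REQUIRED_LEN = 32  # a Fernet key is 32 raw bytes before base64 encoding
# Assumption: "base64(url) compatible" = URL-safe base64 alphabet plus '='.
_DISALLOWED = re.compile(r"[^A-Za-z0-9\-_=]")


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the value is acceptable."""
    problems = []
    if len(passphrase) != REQUIRED_LEN:
        problems.append("length is %d, expected %d"
                        % (len(passphrase), REQUIRED_LEN))
    # The alphabet check also rejects non-ASCII input, where 32 characters
    # would encode to more than 32 bytes and break the key size.
    bad = "".join(sorted(set(_DISALLOWED.findall(passphrase))))
    if bad:
        problems.append("characters outside the URL-safe base64 alphabet: %r"
                        % bad)
    return problems


def to_fernet_key(passphrase):
    """Encode a valid passphrase as a Fernet key (URL-safe base64 of 32 bytes)."""
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return base64.urlsafe_b64encode(passphrase.encode("ascii"))


def new_passphrase():
    """Generate a compliant random value: 24 random bytes encode to 32 chars."""
    return secrets.token_urlsafe(24)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for sample in ("too-short", "p@ss word!" + "a" * 22, new_passphrase()):
        print(repr(sample), "->", check_passphrase(sample) or "ok")
```
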
Changes in octavia 2.1.1..2.1.2
-------------------------------
89a2f6e0 Fix urgent amphora two-way auth security bug
431d9c9b Fix l7rule API handling of None updates
1769de35 Validate server_certs_key_passphrase is 32 chars
d6c1f8ec Work around strptime threading issue
70d97efb Fix template that generates vrrp check script
3df43dc0 Revert "Use the infra pypi mirror for DIB"
2959d88b Add failover logging to show the amphora details.
d43c4f42 only rollback DB when we have a connection to the DB
66d71b01 Fix L7 repository create methods
9ae2f61b Use the infra pypi mirror for DIB
e7686135 Add warning log if auth_strategy is not keystone
37aad5db worker: Re-add FailoverPreparationForAmphora
7eb83acc Update tox.ini for new upper constraints strategy
26d8fde6 Validate certificate content at API level
d9c459a8 Add bindep.txt for Octavia
a96b00b4 Fix allocate_and_associate DB deadlock

Diffstat (except docs and test files)
-------------------------------------
bindep.txt | 2 ++
.../templates/keepalived_check_script.conf.j2 | 2 +-
octavia/api/v2/controllers/l7rule.py | 5 +++
octavia/api/v2/controllers/listener.py | 4 ++-
octavia/api/v2/controllers/load_balancer.py | 4 ++-
octavia/certificates/common/local.py | 6 ++--
octavia/cmd/agent.py | 3 +-
octavia/cmd/api.py | 6 ++++
octavia/common/base_taskflow.py | 3 ++
octavia/common/tls_utils/cert_parser.py | 19 +++++-----
octavia/common/validate.py | 2 ++
octavia/controller/healthmanager/health_manager.py | 4 ++-
octavia/controller/worker/controller_worker.py | 26 +++++++++++++-
octavia/controller/worker/flows/amphora_flows.py | 4 +++
octavia/db/repositories.py | 9 +++++
.../healthmanager/test_health_manager.py | 18 ++++++++++
...DB-Rollback-no-connection-2664c4f7823ecaec.yaml | 5 +++
...te_and_associate-deadlock-3ff1464421c1d464.yaml | 4 +++
...client-auth-vulnerability-6803f4bac2508e4c.yaml | 5 +++
...ix-certificate-validation-d65df8ff16e7f985.yaml | 5 +++
...rver_certs_key_passphrase-6a9dfc190c9deba8.yaml | 6 ++++
tox.ini | 11 +++---
27 files changed, 212 insertions(+), 38 deletions(-)