We are tickled pink to announce the release of:

kolla 14.5.0: Kolla OpenStack Deployment

This release is part of the yoga stable release series.

The source is available from:

    https://opendev.org/openstack/kolla

Download the package from:

    https://tarballs.openstack.org/kolla/

Please report issues through:

    https://bugs.launchpad.net/kolla/+bugs

For more details, please see below.

14.5.0
^^^^^^

Upgrade Notes
*************

* To fix CVE-2022-38060, support for KOLLA_CONFIG and KOLLA_CONFIG_FILE
  environment variables in kolla-built containers has been dropped.
  Now, only the single trusted path of
  "/var/lib/kolla/config_files/config.json" will be utilised for
  loading container config. We believe this is a reasonable tradeoff
  as these environment variables were not used by any known downstream
  and potential users in the wild can easily adapt as this does not
  limit the functionality per se, only making it stricter as to where
  the config can come from.

Security Issues
***************

* Fixes CVE-2022-38060, a sudo privilege escalation vulnerability.
  LP#1985784

Changes in kolla 14.4.0..14.5.0
-------------------------------

91c9a011f Fix CVE-2022-38060

Diffstat (except docs and test files)
-------------------------------------

.../notes/bug-1985784-59df54a10a004551.yaml | 16 ++++++++++++++++
5 files changed, 24 insertions(+), 53 deletions(-)
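An added example, not part of the announcement and not kolla's own code: a pre-upgrade check that reads `docker inspect` output and lists containers that still set either of the two dropped variables. The sample JSON and container names are constructed; KOLLA_CONFIG_STRATEGY is a separate kolla variable, not named in the note, included to show that it is not flagged.

```python
import json

# Variables whose support was dropped by the CVE-2022-38060 fix (per the upgrade note).
DROPPED_VARS = {"KOLLA_CONFIG", "KOLLA_CONFIG_FILE"}
# The single trusted path named in the upgrade note.
TRUSTED_PATH = "/var/lib/kolla/config_files/config.json"

# Constructed sample in the shape of `docker inspect <container>...` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/nova_compute",
     # KOLLA_CONFIG_STRATEGY is a different variable and must not match.
     "Config": {"Env": ["KOLLA_CONFIG_STRATEGY=COPY_ALWAYS", "PATH=/usr/bin"]}},
    {"Name": "/custom_api",
     "Config": {"Env": ["KOLLA_CONFIG_FILE=/etc/custom/config.json"]}},
    {"Name": "/inline_cfg",
     "Config": {"Env": ['KOLLA_CONFIG={"command": "sleep 1"}',
                        "KOLLA_CONFIG_FILE=" + TRUSTED_PATH]}},
    {"Name": "/no_env", "Config": {"Env": None}},
])


def find_dropped_vars(inspect_json):
    """Return {container: [(var, value, note), ...]} for dropped variables."""
    findings = {}
    for container in json.loads(inspect_json):
        name = container.get("Name", "<unnamed>").lstrip("/")
        env = (container.get("Config") or {}).get("Env") or []
        for entry in env:
            # Split on the first '=' only; inline JSON values contain more.
            var, _, value = entry.partition("=")
            if var not in DROPPED_VARS:  # exact name match, not a prefix match
                continue
            if var == "KOLLA_CONFIG_FILE" and value == TRUSTED_PATH:
                note = "redundant: already the trusted path"
            else:
                note = "no longer honoured: move config to " + TRUSTED_PATH
            findings.setdefault(name, []).append((var, value, note))
    return findings


if __name__ == "__main__":
    for name, hits in find_dropped_vars(SAMPLE_INSPECT).items():
        for var, value, note in hits:
            print(f"{name}: {var}={value!r} -> {note}")
```

On a real host, the input would be the JSON printed by `docker inspect` for the running kolla containers instead of SAMPLE_INSPECT.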