We are satisfied to announce the release of: nova 15.0.8: Cloud computing fabric controller This release is part of the ocata release series. Download the package from: https://tarballs.openstack.org/nova/ For more details, please see below. 15.0.8 ^^^^^^ Security Issues * OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action By rebuilding an instance, an authenticated user may be able to circumvent the FilterScheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the FilterScheduler (or CachingScheduler) are affected. The fix is in the *nova-api* and *nova-conductor* services. (https://security.openstack.org/ossa/OSSA-2017-005.html) Changes in nova 15.0.7..15.0.8 ------------------------------ ffd4f72 Add security release note for OSSA-2017-005 b72105c Validate new image via scheduler during rebuild 3c89458 Correct log message when removing a security group 96ad604 Set group_members when converting to legacy request spec 64f773a libvirt: do not remove inst_base when volume-backed during resize fe8acf0 Pass requested_destination in filter_properties 0b67242 Functional regression test for evacuate with a target fc10b54 libvirt: Don't disregard cache mode for instance boot disks 5d5c5a5 libvirt: add check for VIR_DOMAIN_BLOCK_REBASE_COPY_DEV d7a60f8 Target context for build notification in conductor 014effb Make conductor create InstanceAction in the proper cell 1c88f3f Account for compute.metrics.update in legacy notification whitelist 98cef3a Add live.migration.force.complete to the legacy notification whitelist 14eeaf1 Test InstanceNotFound handling in 'nova usage' f5e8060 Fix --max-count handling for nova-manage cell_v2 map_instances befcda5 Fix 500 if list servers called with empty regex pattern b257720 neutron: handle binding:profile=None during migration 2b5c543 Handle keypair not found from metadata server using cells 5fa3f2c libvirt: Fix getting a wrong guest object 50eb1c6 Provide original fault message when BFV fails b55ca35 Provide hints when nova-manage db sync fails to sync cell0 bcf110f Add format_dom for PCI device addresses b03f548 Remove host filter for _cleanup_running_deleted_instances periodic task b296f1e Do not log live migration success when it actually failed db9cd37 no instance info cache update if instance deleted Diffstat (except docs and test files) ------------------------------------- nova/api/metadata/base.py | 11 +- nova/api/validation/validators.py | 2 +- nova/cmd/manage.py | 22 ++- nova/compute/api.py | 17 +- nova/compute/manager.py | 22 ++- nova/conductor/manager.py | 23 ++- nova/network/base_api.py | 5 + nova/network/neutronv2/api.py | 23 ++- nova/network/security_group/neutron_driver.py | 4 +- nova/objects/request_spec.py | 10 +- nova/rpc.py | 3 + .../functional/regressions/test_bug_1702454.py | 157 +++++++++++++++ .../functional/regressions/test_bug_1719730.py | 126 ++++++++++++ .../unit/api/openstack/compute/test_serversV21.py | 14 ++ .../openstack/compute/test_simple_tenant_usage.py | 72 ++++++- nova/virt/libvirt/config.py | 14 ++ nova/virt/libvirt/driver.py | 29 ++- nova/virt/libvirt/host.py | 2 +- ...31-validate-image-rebuild-9c5b05a001c94a4d.yaml | 13 ++ 37 files changed, 1171 insertions(+), 166 deletions(-)