[openstack-ko] [or_kr] 2014.1.4 Icehouse Released

potopro at gmail.com potopro at gmail.com
Tue Mar 17 10:01:56 UTC 2015



원본: Release Notes, 2014.1.4

해결된 보안 이슈

OSSA-2015-005 : Nova console Cross-Site WebSocket hijacking

OSSA-2015-003 : Glance user storage quota bypass

OSSA-2015-002 : Glance v2 API unrestricted path traversal through filesystem:// scheme

OSSA-2014-041 : Glance v2 API unrestricted path traversal

OSSA-2014-040 : Horizon denial of service attack through login page

OSSA-2014-039 : Neutron DoS through invalid DNS configuration

OSSA-2014-038 : Nova network DoS through API filtering

OSSA-2014-037 : Nova VMware instance in resize tate may leak

OSSA-2014-036 : Potential leak of passwords into log files

OSSA-2014-035 : Nova VMware driver may connect VNC to another tenant’s console

버그 픽스

89개의 버그가 픽스됐습니다.

Compute(Nova) 버그 픽스

Identity(Keystone) 버그 픽스

Image registry and Delivery Service(Glance) 버그 픽스

Networking(Neutron) 버그 픽스

Block Storage(Cinder) 버그 픽스

Dashboard(Horizon) 버그 픽스

Orchestration(Heat) 버그 픽스

Telemetry(Ceilometer) 버그 픽스

Database Service(Trove) 버그 픽스

알려진 이슈와 제한사항

Nova

Fix unsafe SSL connection on TrustedFilter adds an option attestation_insecure_ssl in TrustedFilter which can be used to verify CAs. The default value is set to True, disabling SSL certificate verification. While this is the insecure option, it was selected for backward compatibility reasons.

Cinder

Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.

Neutron

There is a known issue in all Icehouse releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway ouside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181

Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.

from OpenStack 한국 커뮤니티 http://ift.tt/1EYgfUF
-------------- next part --------------
HTML 첨부를 없애버렸습니다...
URL: <http://lists.openstack.org/pipermail/openstack-ko/attachments/20150317/02094ea7/attachment.html>


More information about the openstack-ko mailing list