[openstack-ko] [or_kr] 2014.1.4 Icehouse Released

potopro at gmail.com potopro at gmail.com
Tue Mar 17 10:01:56 UTC 2015 


¿øº»: Release Notes, 2014.1.4

ÇØ°áµÈ º¸¾È À̽´

OSSA-2015-005 : Nova console Cross-Site WebSocket hijacking

OSSA-2015-003 : Glance user storage quota bypass

OSSA-2015-002 : Glance v2 API unrestricted path traversal through filesystem:// scheme

OSSA-2014-041 : Glance v2 API unrestricted path traversal

OSSA-2014-040 : Horizon denial of service attack through login page

OSSA-2014-039 : Neutron DoS through invalid DNS configuration

OSSA-2014-038 : Nova network DoS through API filtering

OSSA-2014-037 : Nova VMware instance in resize tate may leak

OSSA-2014-036 : Potential leak of passwords into log files

OSSA-2014-035 : Nova VMware driver may connect VNC to another tenant¡¯s console

¹ö±× ÇȽº

89°³ÀÇ ¹ö±×°¡ ÇȽºµÆ½À´Ï´Ù.

Compute(Nova) ¹ö±× ÇȽº

Identity(Keystone) ¹ö±× ÇȽº

Image registry and Delivery Service(Glance) ¹ö±× ÇȽº

Networking(Neutron) ¹ö±× ÇȽº

Block Storage(Cinder) ¹ö±× ÇȽº

Dashboard(Horizon) ¹ö±× ÇȽº

Orchestration(Heat) ¹ö±× ÇȽº

Telemetry(Ceilometer) ¹ö±× ÇȽº

Database Service(Trove) ¹ö±× ÇȽº

¾Ë·ÁÁø À̽´¿Í Á¦ÇÑ»çÇ×

Nova

Fix unsafe SSL connection on TrustedFilter adds an option attestation_insecure_ssl in TrustedFilter which can be used to verify CAs. The default value is set to True, disabling SSL certificate verification. While this is the insecure option, it was selected for backward compatibility reasons.

Cinder

Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.

Neutron

There is a known issue in all Icehouse releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway ouside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. See Bug 1304181

Fix for the Eventlet threads not released back to the pool added wsgi_keep_alive option. In order to maintain the backward compatibility default value is True and recommended is to set it to False.

from OpenStack Çѱ¹ Ä¿¹Â´ÏƼ http://ift.tt/1EYgfUF
-------------- next part --------------
HTML ÷ºÎ¸¦ ¾ø¾Ö¹ö·È½À´Ï´Ù...
URL: <http://lists.openstack.org/pipermail/openstack-ko/attachments/20150317/02094ea7/attachment.html>

More information about the openstack-ko mailing list