[release-announce] kolla 14.5.0 (yoga)
no-reply at openstack.org
Fri Sep 9 09:08:31 UTC 2022
We are tickled pink to announce the release of:
kolla 14.5.0: Kolla OpenStack Deployment
This release is part of the yoga stable release series.
The source is available from:
https://opendev.org/openstack/kolla
Download the package from:
https://tarballs.openstack.org/kolla/
Please report issues through:
https://bugs.launchpad.net/kolla/+bugs
For more details, please see below.
14.5.0
^^^^^^
Upgrade Notes
*************
* To fix CVE-2022-38060, support for KOLLA_CONFIG and
KOLLA_CONFIG_FILE environment variables in kolla-built containers
has been dropped. Now, only the single trusted path of
"/var/lib/kolla/config_files/config.json" will be utilised for
loading container config. We believe this is a reasonable tradeoff
as these environment variables were not used by any known downstream
and potential users in the wild can easily adapt as this does not
limit the functionality per se, only making it stricter as to where
the config can come from.
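An added example, not part of the kolla release notes or the kolla code base: a pre-upgrade audit that reads `docker inspect` JSON and reports containers that still set the dropped variables or have no mount covering the trusted path. The container names and the sample JSON are constructed; the function name `audit` is hypothetical.

```python
import json

# Variable names and path come from the upgrade note above.
DROPPED_VARS = ("KOLLA_CONFIG", "KOLLA_CONFIG_FILE")
TRUSTED_PATH = "/var/lib/kolla/config_files/config.json"


def covers(dest, path=TRUSTED_PATH):
    """True if a mount at `dest` is the trusted path or a parent directory of it."""
    dest = dest.rstrip("/")
    return path == dest or path.startswith(dest + "/")


def audit(inspect_json):
    """Return {container_name: [findings]} for `docker inspect` JSON text."""
    report = {}
    for c in json.loads(inspect_json):
        findings = []
        for entry in (c.get("Config") or {}).get("Env") or []:
            name = entry.partition("=")[0]
            # Exact match only; the value is not echoed since it may hold config data.
            if name in DROPPED_VARS:
                findings.append(f"{name} is set but no longer honoured")
        dests = [m["Destination"] for m in c.get("Mounts") or [] if m.get("Destination")]
        if not any(covers(d) for d in dests):
            # The file could still be baked into the image; this only checks mounts.
            findings.append(f"no mount covers {TRUSTED_PATH}")
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report


# Constructed sample in the shape `docker inspect` emits (trimmed to the fields used).
SAMPLE = json.dumps([
    {"Name": "/legacy_api",
     "Config": {"Env": ["KOLLA_CONFIG_FILE=/etc/custom/config.json", "PATH=/usr/bin"]},
     "Mounts": [{"Destination": "/etc/custom"}]},
    {"Name": "/nova_api",
     "Config": {"Env": ["KOLLA_CONFIG_STRATEGY=COPY_ALWAYS"]},
     "Mounts": [{"Destination": "/var/lib/kolla/config_files"}]},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for f in findings:
            print(f"{name}: {f}")
```

On a real host the input would be the output of `docker inspect $(docker ps -q)`.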
Security Issues
***************
* Fixes CVE-2022-38060, a sudo privilege escalation vulnerability.
LP#1985784
Changes in kolla 14.4.0..14.5.0
-------------------------------
91c9a011f Fix CVE-2022-38060
Diffstat (except docs and test files)
-------------------------------------
.../notes/bug-1985784-59df54a10a004551.yaml | 16 ++++++++++++++++
5 files changed, 24 insertions(+), 53 deletions(-)