[release-announce] kolla 13.5.0 (xena)
no-reply at openstack.org
Fri Sep 9 09:16:29 UTC 2022
We joyfully announce the release of:
kolla 13.5.0: Kolla OpenStack Deployment
This release is part of the xena stable release series.
The source is available from:
https://opendev.org/openstack/kolla
Download the package from:
https://tarballs.openstack.org/kolla/
Please report issues through:
https://bugs.launchpad.net/kolla/+bugs
For more details, please see below.
13.5.0
^^^^^^
Upgrade Notes
*************
* To fix CVE-2022-38060, support for KOLLA_CONFIG and
  KOLLA_CONFIG_FILE environment variables in kolla-built containers
  has been dropped. Now, only the single trusted path of
  "/var/lib/kolla/config_files/config.json" will be utilised for
  loading container config. We believe this is a reasonable tradeoff
  as these environment variables were not used by any known downstream
  and potential users in the wild can easily adapt as this does not
  limit the functionality per se, only making it stricter as to where
  the config can come from.
Security Issues
***************
* Fixes CVE-2022-38060, a sudo privilege escalation vulnerability.
  LP#1985784
Changes in kolla 13.4.0..13.5.0
-------------------------------
1011fc60c Fix CVE-2022-38060
Diffstat (except docs and test files)
-------------------------------------
.../notes/bug-1985784-59df54a10a004551.yaml | 16 ++++++++++++++++
5 files changed, 24 insertions(+), 53 deletions(-)
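
For operators checking whether any running container still relies on the variables dropped in the upgrade note, the following is an added example (not part of this announcement or of kolla's own code) that audits `docker inspect` output. The container names and paths in the sample are constructed, and treating a mount on the trusted path or one of its parent directories as the replacement is an assumption.

```python
import json

# Variables the upgrade note says are no longer honoured.
DROPPED_VARS = ("KOLLA_CONFIG", "KOLLA_CONFIG_FILE")
# The single trusted path named in the upgrade note.
TRUSTED_PATH = "/var/lib/kolla/config_files/config.json"

# Constructed sample in the shape of `docker inspect` output (hypothetical names).
# KOLLA_CONFIG_STRATEGY is a different variable, not named in the note; it is
# included to show that only exact variable names are matched.
SAMPLE = json.dumps([
    {"Name": "/svc_a", "Mounts": [],
     "Config": {"Env": ["KOLLA_CONFIG_FILE=/etc/custom/config.json"]}},
    {"Name": "/svc_b",
     "Mounts": [{"Destination": "/var/lib/kolla/config_files/"}],
     "Config": {"Env": ["KOLLA_CONFIG={}", "PATH=/usr/bin"]}},
    {"Name": "/svc_c",
     "Mounts": [{"Destination": "/var/lib/kolla/config_files"}],
     "Config": {"Env": ["KOLLA_CONFIG_STRATEGY=COPY_ALWAYS"]}},
])


def audit(inspect_json):
    """Return one finding per container that still sets a dropped variable."""
    findings = []
    for c in json.loads(inspect_json):
        env = dict(e.split("=", 1) if "=" in e else (e, "")
                   for e in (c.get("Config", {}).get("Env") or []))
        used = [v for v in DROPPED_VARS if v in env]
        if not used:
            continue
        # A mount covers the trusted path if it targets the file or a parent dir.
        mounted = any(
            TRUSTED_PATH == m["Destination"]
            or TRUSTED_PATH.startswith(m["Destination"].rstrip("/") + "/")
            for m in (c.get("Mounts") or [])
        )
        findings.append({
            "container": c.get("Name", "").lstrip("/"),
            "dropped_vars": used,
            "trusted_path_mounted": mounted,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

On a real host, pass the output of `docker inspect` for the running containers to `audit()`; a finding with `trusted_path_mounted` set to false marks a container whose config source needs to move before the upgrade.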