Note de release pour Liberty¶
11.0.2¶
Problèmes de sécurités¶
Fixing bug 1525915; image might be transitioning from active to queued by regular user by removing last location of image (or replacing locations with empty list). This allows user to re-upload data to the image breaking Glance’s promise of image data immutability. From now on, last location cannot be removed and locations cannot be replaced with empty list.
All
qemu-img info
calls will be run under resource limitations that limit the CPU time and address space usage of the process if oslo.concurrency is at least version 2.6.1.qemu-img info
calls are now limited to 2 seconds and 1 GB respectively. This addresses the bug https://bugs.launchpad.net/glance/+bug/1449062 Current usage of « qemu-img » is limited to Glance tasks. In the Mitaka release, tasks by default will only be available to admin users. In general, we recommend that tasks only be exposed to trusted users, even in releases prior to Mitaka.
11.0.1¶
Prelude¶
This release has impact on API behavior.
Les traductions ont été synchronisées depuis Zanata
On this release requirements.txt were synced from global-requirements.
Problèmes de sécurités¶
This release prevents non-admin user to change “size” and “checksum” properties of an image after it has been deactivated via Images API v1.
Corrections de bugs¶
Bug 1505474 Glance raise 500 error when delete images with unallowed status change
Bug 1505675 Flaky tasks test glance.tests.unit.v2.test_tasks_resource.TestTasksController.test_create_with_live_time
Bug 1517060 Users (without admin privileges) can change ACTIVE_IMMUTABLE properties of their own images when deactivated.
Bug 1504184 Glance does not error gracefully on token validation error
Bug 1522132 Scrubber tests are broken due to deprecated config filesystem_store_datadir under DEFAULT section
Bug 1505710 Wrong logging setup in replicator
Bug 1483353 v1 Updates using x-image-meta-id header provoke E500 or 200
Bug 1512369 glance should declare a test-requirements.txt on swiftclient (for config generator)
Other Notes¶
Commence à utiliser reno pour la gestion des notes de release