Current Series Release Notes

Current Series Release Notes¶

22.0.0-35¶

New Features¶

Barbican now has a new microversion 1.2 with a behaviour change when deleting secrets. If a secret has consumers registered it cannot be deleted in this microversion until the consumers are removed.

Use the force query parameter with a truthy value to force the deletion.

Barbican now supports generation of Guru Meditation Reports using oslo.reports libary.

The following options have been added to the vault_plugin section.
- kv_path
- kv_version

Upgrade Notes¶

Python 3.9 and 3.10 support has been dropped. The minimum version of Python now supported is Python 3.11.

The barbican-wsgi-api WSGI script has been removed. Deployment tooling should instead reference the Python module paths for this services, barbican.wsgi.api, if their chosen WSGI server supports this (gunicorn, uWSGI) or implement a .wsgi script themselves if not (mod_wsgi).

The [DEFAULT] host_href option now defaults to None, which makes barbican-api to detect the base url according to the WSGI environments.

Deprecation Notes¶

The [vault_plugin] use_ssl option has been deprecated, because it has had no effect.

Using an empty string for the [DEFAULT] host_href option is deprecated. Unset the option instead.

Bug Fixes¶

Fixed a bug where SecretACLsController and ContainerACLsController overrode ACLMixin.get_acl_tuple(), returning incomplete target data that was missing ACL fields such as read_project_access. This caused the secret_is_not_private policy rule to always evaluate to False, resulting in HTTP 403 for project members who are not the secret owner when enforce_new_defaults is enabled. See bug 2069378.

this page last updated: 2026-05-29 14:57:45

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.