Victoria Series Release Notes¶

18.6.4¶

Previously, ToggleSuspend class checked os-rescue policy for resume operation. By this fix, the class checks ‘os_compute_api:os-suspend-server:resume’ policy to align to resume operation.

Password forms in horizon now does not strip leading/trailing spaces included in input passwords. Previously horizon stripped leading/trailing spaces in input passwords but on the other hand keystone accepts leading/trailing spaces and it can be an issue when such passwords are set via keystone API. To handle this situation horizon no longer strips leading/trailing spaces in passwords. See [bug:1861224] and the related mailing thread for more detail. (Note that this change is part of horizon 18.5.0 release but we forgot to mention it.)

An open redirect has been fixed, that could redirect users to arbitrary addresses from certain views by specifying a “next” parameter in the URL. Now the redirect will only work if the target URL is in the same domain, and uses the same protocol.