Victoria Series Release Notes

18.6.4

Bug Fixes

  • Previously, ToggleSuspend class checked os-rescue policy for resume operation. By this fix, the class checks ‘os_compute_api:os-suspend-server:resume’ policy to align to resume operation.

18.6.1

Upgrade Notes

  • Password forms in horizon now does not strip leading/trailing spaces included in input passwords. Previously horizon stripped leading/trailing spaces in input passwords but on the other hand keystone accepts leading/trailing spaces and it can be an issue when such passwords are set via keystone API. To handle this situation horizon no longer strips leading/trailing spaces in passwords. See [bug:1861224] and the related mailing thread for more detail. (Note that this change is part of horizon 18.5.0 release but we forgot to mention it.)

18.6.0

Security Issues

  • An open redirect has been fixed, that could redirect users to arbitrary addresses from certain views by specifying a “next” parameter in the URL. Now the redirect will only work if the target URL is in the same domain, and uses the same protocol.