Liberty Series Release Notes¶
The qemu-img tool now has resource limits applied which prevent it from using more than 1GB of address space or more than 2 seconds of CPU time. This provides protection against denial of service attacks from maliciously crafted or corrupted disk images. oslo.concurrency>=2.6.1 is required for this fix.
recordconfiguration option for the console proxy services (like VNC, serial, spice) is changed from boolean to string. It specifies the filename that will be used for recording websocket frames.
When plugging virtual interfaces of type vhost-user the MTU value will not be applied to the interface by nova. vhost-user ports exist only in userspace and are not backed by kernel netdevs, for this reason it is not possible to set the mtu on a vhost-user interface using standard tools such as ifconfig or ip link.
[OSSA 2016-007] Host data leak during resize/migrate for raw-backed instances (CVE-2016-2140)
The 12.0.1 release contains fixes for two security issues.
[OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548)
[OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749)
Fixes a bug where Nova services won’t recover after a temporary DB connection issue, when service group DB driver is used together with local conductor, as the driver only handles RPC timeout errors.
For more info see https://bugs.launchpad.net/nova/+bug/1505471
Fixes a bug where Nova services won’t recover after a temporary DB / MQ connection issue, when service group DB driver is used together with remote conductor, as the driver only handles RPC timeout errors and does not account for other types of errors (e.g. wrapped DB errors on the remote conductor transported over RPC)
For more info see https://bugs.launchpad.net/nova/+bug/1517926
Start using reno to manage release notes.