Wallaby Series Release Notes


Security Issues

  • This patch ensures that we mask sensitive data when masking password, even if double quotes are used as password value.


Bug Fixes

  • Fix regex used to mask password. The strutils.mask_password function will now correctly handle passwords that contain single or double quotes. Previously, only the characters before the quote were masked.


New Features

  • Add a strict flag to netutils.is_valid_ipv4 to allowing users to restrict validation to IP addresses in presentation format (a.b.c.d) as opposed to address format (a.b.c.d, a.b.c, a.b, a).


New Features

  • A wrapper for hashlib.md5() has been added to allow OpenStack to run on systems where FIPS is enabled. Under FIPS, md5 is disabled and calls to hashlib.md5() will fail. In most cases in OpenStack, though, md5 is not used within a security context.

    In https://bugs.python.org/issue9216, a proposal has been made to allow the addition of a keyword parameter usedforsecurity, which can be used to designate non-security context uses. In this case, md5() operations would be permitted. This feature is expected to be delivered in python 3.9.

    Downstream python already supports this option, though. This wrapper simply allows for this option to be supported where the underlying python version supports it.