Mitaka Series Release Notes
- Fixed a bug when a package containing multi-class yamls could not be added to glare-based catalog.
- cve-2016-4972 has been addressed. In ceveral places Murano used loaders inherited directly from yaml.Loader when parsing MuranoPL and UI files from packages. This is unsafe, because this loader is capable of creating custom python objects from specifically constructed yaml files. With this change all yaml loading operations are done using safe loaders instead.
- cli now makes use of type of the endpoint (defined either as a –os-endpoint-type command line parameter or OS_ENDPOINT_TYPE environment variable). This type defines which interface will be used when connecting to murano, glance and glare APIs.
- It is now possible to import packages with ‘!yaql’ tag, when glare is used as backend. Before this fix, importing such package caused a parsing error.
- Since glare has been moved to a separate service muranoclient CLI now distinguishes between –glance-url and –glare-url. If –glare-url is not supplied muranoclient requests an endpoint of type ‘artifact’ from keystone.
- Added fallback from token to username/password if both are provided and token expires or is invalid.