Mitaka Series Release Notes


Bug Fixes

  • Fixed a bug when a package containing multi-class yamls could not be added to glare-based catalog.


Security Issues

  • cve-2016-4972 has been addressed. In ceveral places Murano used loaders inherited directly from yaml.Loader when parsing MuranoPL and UI files from packages. This is unsafe, because this loader is capable of creating custom python objects from specifically constructed yaml files. With this change all yaml loading operations are done using safe loaders instead.

Bug Fixes

  • cli now makes use of type of the endpoint (defined either as a –os-endpoint-type command line parameter or OS_ENDPOINT_TYPE environment variable). This type defines which interface will be used when connecting to murano, glance and glare APIs.

  • It is now possible to import packages with ‘!yaql’ tag, when glare is used as backend. Before this fix, importing such package caused a parsing error.


New Features

  • Since glare has been moved to a separate service muranoclient CLI now distinguishes between –glance-url and –glare-url. If –glare-url is not supplied muranoclient requests an endpoint of type ‘artifact’ from keystone.

Bug Fixes

  • Added fallback from token to username/password if both are provided and token expires or is invalid.


New Features

  • Added python-muranoclient support in openstack-client by setting entry points and implementing interface functions.

Bug Fixes

  • Fixes use murano package-import with version parameter, It always shows version of client. Rename the parameter ‘version’ to ‘package-version’

  • Changed murano-client CLI outputs to show only items affected by current operation instead of full item list.


Bug Fixes

  • fixes no attribute error caused by the new raw_request return, by let the SessionClient raw_request only return response without data.

  • command ‘package_update’ was broken since murano start support of keystone v3. The error occurred because murano tried to pass custom content type parameter in the request kwargs, not headers.