diff options
| author | Matt Riedemann <mriedem.os@gmail.com> | 2017-11-14 15:01:52 -0500 |
|---|---|---|
| committer | Tony Breeds <tony@bakeyournoodle.com> | 2017-11-16 14:00:47 +1100 |
| commit | 698b261a5a2a6c0f31ef5059046ef7196d5cba30 (patch) | |
| tree | c4ceae398bb158b7e82b2bd10f24488cf5c286f7 | |
| parent | 97a51d981bd603b964b04b3568218ce57ac57338 (diff) | |
| download | nova-698b261a5a2a6c0f31ef5059046ef7196d5cba30.tar.gz | |
Add security release note for OSSA-2017-005
Change-Id: I053f1bbc56481bddce8792aa4b5460a55cc0db2d
Related-Bug: #1664931
(cherry picked from commit 31d28eef95ab82bdfce2221cd5633bcf4bc13653)
(cherry picked from commit 3f63d057a64b688b66ff1903c1afc4d97ba6df6d)
(cherry picked from commit ffd4f72d16dacd6ca1e703f9bab37b8917d253e7)
| -rw-r--r-- | releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml new file mode 100644 index 0000000000..675debe44a --- /dev/null +++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml @@ -0,0 +1,13 @@ +--- +security: + - | + `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action + + By rebuilding an instance, an authenticated user may be able to circumvent + the FilterScheduler bypassing imposed filters (for example, the + ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the + FilterScheduler (or CachingScheduler) are affected. + + The fix is in the `nova-api` and `nova-conductor` services. + + .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html
\ No newline at end of file |