diff options
author | Matt Riedemann <mriedem.os@gmail.com> | 2017-11-14 15:01:52 -0500 |
---|---|---|
committer | Matt Riedemann <mriedem.os@gmail.com> | 2017-11-14 15:32:20 -0500 |
commit | 31d28eef95ab82bdfce2221cd5633bcf4bc13653 (patch) | |
tree | cef2142aa2948f5a7822cc27c8b5122c078386e9 /releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | |
parent | 984dd8ad6add4523d93c7ce5a666a32233e02e34 (diff) | |
download | nova-31d28eef95ab82bdfce2221cd5633bcf4bc13653.tar.gz |
Add security release note for OSSA-2017-005
Change-Id: I053f1bbc56481bddce8792aa4b5460a55cc0db2d
Related-Bug: #1664931
Diffstat (limited to 'releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml')
-rw-r--r-- | releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml new file mode 100644 index 0000000000..675debe44a --- /dev/null +++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml @@ -0,0 +1,13 @@ +--- +security: + - | + `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action + + By rebuilding an instance, an authenticated user may be able to circumvent + the FilterScheduler bypassing imposed filters (for example, the + ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the + FilterScheduler (or CachingScheduler) are affected. + + The fix is in the `nova-api` and `nova-conductor` services. + + .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html
\ No newline at end of file |