Add security release note for OSSA-2017-005

Change-Id: I053f1bbc56481bddce8792aa4b5460a55cc0db2d Related-Bug: #1664931
author: Matt Riedemann <mriedem.os@gmail.com> 2017-11-14 15:01:52 -0500
committer: Matt Riedemann <mriedem.os@gmail.com> 2017-11-14 15:32:20 -0500
commit: 31d28eef95ab82bdfce2221cd5633bcf4bc13653 (patch)
tree: cef2142aa2948f5a7822cc27c8b5122c078386e9 /releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
parent: 984dd8ad6add4523d93c7ce5a666a32233e02e34 (diff)
download: nova-31d28eef95ab82bdfce2221cd5633bcf4bc13653.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
new file mode 100644
index 0000000000..675debe44a
--- /dev/null
+++ b/releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
@@ -0,0 +1,13 @@
+---
+security:
+  - |
+    `OSSA-2017-005`_: Nova Filter Scheduler bypass through rebuild action
+
+    By rebuilding an instance, an authenticated user may be able to circumvent
+    the FilterScheduler bypassing imposed filters (for example, the
+    ImagePropertiesFilter or the IsolatedHostsFilter). All setups using the
+    FilterScheduler (or CachingScheduler) are affected.
+
+    The fix is in the `nova-api` and `nova-conductor` services.
+
+    .. _OSSA-2017-005: https://security.openstack.org/ossa/OSSA-2017-005.html
+\ No newline at end of file
author	Matt Riedemann <mriedem.os@gmail.com>	2017-11-14 15:01:52 -0500
committer	Matt Riedemann <mriedem.os@gmail.com>	2017-11-14 15:32:20 -0500
commit	31d28eef95ab82bdfce2221cd5633bcf4bc13653 (patch)
tree	cef2142aa2948f5a7822cc27c8b5122c078386e9 /releasenotes/notes/bug-1664931-validate-image-rebuild-9c5b05a001c94a4d.yaml
parent	984dd8ad6add4523d93c7ce5a666a32233e02e34 (diff)
download	nova-31d28eef95ab82bdfce2221cd5633bcf4bc13653.tar.gz