authorTim Burke <tim.burke@gmail.com>2023-01-30 13:24:20 -0800
committerTim Burke <tim.burke@gmail.com>2023-01-31 21:31:55 -0800
commitb1916f81e2a598b41ab7281259c78715d7e46955 (patch)
tree1d1c5ca2a0ad46cee6f5deea224da3a147544b7f
parent7d13d1a82e1f5d01205a13184907501b4fcbe2b0 (diff)
downloadswift-2.28.1.tar.gz
Authors/ChangeLog for 2.28.1xena-em2.28.1
Drop the openstacksdk-functional-devstack for now, as it's currently broken and immediate attempts to fix it have not succeeded. Change-Id: Ic21cf8ab9e7abce4eabcfa57c49de6d2d011608e
-rw-r--r--.zuul.yaml6
-rw-r--r--AUTHORS3
-rw-r--r--CHANGELOG20
-rw-r--r--releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml24
4 files changed, 52 insertions, 1 deletions
diff --git a/.zuul.yaml b/.zuul.yaml
index 63fe83a53..9cd219cd3 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -718,6 +718,9 @@
irrelevant-files: *tempest-irrelevant-files
- grenade:
irrelevant-files: *tempest-irrelevant-files
+ - openstacksdk-functional-devstack:
+ irrelevant-files: *tempest-irrelevant-files
+ voting: false
gate:
jobs:
# For gate jobs, err towards running more jobs (so, generally avoid
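Review bot: The commit message says the openstacksdk-functional-devstack job is dropped, but as rendered here the new side of this hunk adds it with `voting: false`, and the hunk at -758/+761 adds the same three lines to what looks like the gate job list. A non-voting job in gate cannot block a merge, so there it only consumes CI resources while suggesting coverage that is not enforced; listing it non-voting in check only would be closer to the stated intent. A comment next to `voting: false`, for example `# non-voting while the job is broken; restore voting once fixed`, would keep the relaxed check from becoming permanent on a branch that carries security backports. Both job lists begin outside the hunks, so the pipeline names are inferred from the `gate:` and `experimental:` context lines.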
@@ -758,6 +761,9 @@
irrelevant-files: *tempest-irrelevant-files
- grenade:
irrelevant-files: *tempest-irrelevant-files
+ - openstacksdk-functional-devstack:
+ irrelevant-files: *tempest-irrelevant-files
+ voting: false
experimental:
jobs:
- swift-tox-py27-centos-7
diff --git a/AUTHORS b/AUTHORS
index bc59baf2d..678564c96 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -63,6 +63,7 @@ aolivo (aolivo@blizzard.com)
Arnaud JOST (arnaud.jost@ovh.net)
arzhna (arzhna@gmail.com)
Atsushi Sakai (sakaia@jp.fujitsu.com)
+Aymeric Ducroquetz (aymeric.ducroquetz@ovhcloud.com)
Azhagu Selvan SP (tamizhgeek@gmail.com)
baiwenteng (baiwenteng@inspur.com)
Ben Keller (bjkeller@us.ibm.com)
@@ -267,6 +268,7 @@ liujiong (liujiong@gohighsec.com)
liuyamin (liuyamin@fiberhome.com)
Lokesh S (lokesh.s@hp.com)
Lorcan Browne (lorcan.browne@hpe.com)
+Luciano Lo Giudice (luciano.logiudice@canonical.com)
Luis de Bethencourt (luis@debethencourt.com)
Luong Anh Tuan (tuanla@vn.fujitsu.com)
lvxianguo (lvxianguo@inspur.com)
@@ -288,6 +290,7 @@ Mathias Bjoerkqvist (mbj@zurich.ibm.com)
Matt Kassawara (mkassawara@gmail.com)
Matt Riedemann (mriedem@us.ibm.com)
Matthew Oliver (matt@oliver.net.au)
+Matthew Vernon (mvernon@wikimedia.org)
Matthieu Huin (mhu@enovance.com)
Mauro Stettler (mauro.stettler@gmail.com)
Mehdi Abaakouk (sileht@redhat.com)
diff --git a/CHANGELOG b/CHANGELOG
index ab49034b5..2c84082ce 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,22 @@
-swift (2.28.0)
+swift (2.28.1, xena stable backports)
+ * Fixed a security issue in how `s3api` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to CVE-2022-47950 for more information.
+
+ * Constant-time string comparisons are now used when checking S3 API
+ signatures.
+
+ * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some `domain_remap` requests to be routed to
+ the wrong object.
+
+ * Improved compatibility with certain FIPS-mode-enabled systems.
+
+ * Ensure that non-durable data and .meta files are purged from handoffs
+ after syncing.
+
+
+swift (2.28.0, OpenStack Xena)
* Sharding improvements:
diff --git a/releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml b/releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml
new file mode 100644
index 000000000..a4da8a1e0
--- /dev/null
+++ b/releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml
@@ -0,0 +1,24 @@
+---
+security:
+ - |
+ Fixed a security issue in how ``s3api`` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to `CVE-2022-47950 <https://cve.circl.lu/cve/CVE-2022-47950>`__
+ for more information.
+
+ - |
+ Constant-time string comparisons are now used when checking S3 API
+ signatures.
+
+fixes:
+ - |
+ Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some ``domain_remap`` requests to be routed to
+ the wrong object.
+
+ - |
+ Improved compatibility with certain FIPS-mode-enabled systems.
+
+ - |
+ Ensure that non-durable data and .meta files are purged from handoffs
+ after syncing.