diff options
author | Pranali Deore <pdeore@redhat.com> | 2023-02-16 10:07:40 +0000 |
---|---|---|
committer | Pranali Deore <pdeore@redhat.com> | 2023-02-16 11:17:41 +0000 |
commit | 0babf49f9b6dfcce15509feaf38f75d3f028ed46 (patch) | |
tree | 565c8825cf6b14dbe6d2e5fcc95cbec1f1f5566d | |
parent | 1d54dddaa03fc8c76b25846a379e7662abbd3fb8 (diff) | |
download | glance-0babf49f9b6dfcce15509feaf38f75d3f028ed46.tar.gz |
Release notes for Antelope Milestone 3
Change-Id: I3dbc1c1e2bf2622721d98e88e219afd816722e22
-rw-r--r-- | releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml b/releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml new file mode 100644 index 000000000..ec28040a6 --- /dev/null +++ b/releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml @@ -0,0 +1,20 @@ +--- +prelude: > + In this cycle Glance enabled the API policies (RBAC) new defaults and scope by + default and removed the deprecated ``enforce_secure_rbac`` option which is no + longer needed after switching to new defaults. + The Default value of config options ``[oslo_policy] enforce_scope`` + and ``[oslo_policy] oslo_policy.enforce_new_defaults`` have been changed + to ``True``. Old policies are still there but they are disabled by default. + +fixes: + - | + Bug 1996188_: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) + - | + Bug 1939690_: The api-ref response and the actual response returned from the Create Tags API does not match + - | + Bug 1983279_: Cannot upload vmdk images due to unsupported vmdk format + + .. _1996188: https://code.launchpad.net/bugs/1996188 + .. _1939690: https://code.launchpad.net/bugs/1939690 + .. _1983279: https://code.launchpad.net/bugs/1983279 |