diff options
author | Zuul <zuul@review.opendev.org> | 2023-02-21 14:00:55 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-02-21 14:00:55 +0000 |
commit | f0371614d5093463ede1b846227db6473f9ece82 (patch) | |
tree | 557fcc47722fed9133b732a9c9cd055f72d35608 | |
parent | 37f37c4d08dd40353302dcb304318248cde9b36c (diff) | |
parent | 0babf49f9b6dfcce15509feaf38f75d3f028ed46 (diff) | |
download | glance-f0371614d5093463ede1b846227db6473f9ece82.tar.gz |
Merge "Release notes for Antelope Milestone 3"26.0.0.0b3
-rw-r--r-- | releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml b/releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml new file mode 100644 index 000000000..ec28040a6 --- /dev/null +++ b/releasenotes/notes/antelope-milestone-3-b9a4f7fdba31f628.yaml @@ -0,0 +1,20 @@ +--- +prelude: > + In this cycle Glance enabled the API policies (RBAC) new defaults and scope by + default and removed the deprecated ``enforce_secure_rbac`` option which is no + longer needed after switching to new defaults. + The Default value of config options ``[oslo_policy] enforce_scope`` + and ``[oslo_policy] oslo_policy.enforce_new_defaults`` have been changed + to ``True``. Old policies are still there but they are disabled by default. + +fixes: + - | + Bug 1996188_: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) + - | + Bug 1939690_: The api-ref response and the actual response returned from the Create Tags API does not match + - | + Bug 1983279_: Cannot upload vmdk images due to unsupported vmdk format + + .. _1996188: https://code.launchpad.net/bugs/1996188 + .. _1939690: https://code.launchpad.net/bugs/1939690 + .. _1983279: https://code.launchpad.net/bugs/1983279 |