diff options
Diffstat (limited to 'releasenotes/notes/metadef-api-admin-operations-b9a2d863913b0cae.yaml')
-rw-r--r-- | releasenotes/notes/metadef-api-admin-operations-b9a2d863913b0cae.yaml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/releasenotes/notes/metadef-api-admin-operations-b9a2d863913b0cae.yaml b/releasenotes/notes/metadef-api-admin-operations-b9a2d863913b0cae.yaml new file mode 100644 index 000000000..44c2c50e9 --- /dev/null +++ b/releasenotes/notes/metadef-api-admin-operations-b9a2d863913b0cae.yaml @@ -0,0 +1,9 @@ +--- +security: + - | + The default policy for the `metadef` API has changed from "open to + everyone" to "only admins can create and modify resources". We + believe that this is by far the most common use-case and the only + sane default. See Bug 1916926_ for more details. + + .. _1916926: https://bugs.launchpad.net/glance/+bug/1916926/ |