2023.1 Series Release Notes¶
26.0.0¶
Prelude¶
In this cycle Glance enabled the API policies (RBAC) new defaults and scope by default and removed the deprecated enforce_secure_rbac
option which is no longer needed after switching to new defaults. The Default value of config options [oslo_policy] enforce_scope
and [oslo_policy] oslo_policy.enforce_new_defaults
have been changed to True
. Old policies are still there but they are disabled by default.
업그레이드 노트¶
The Glance service enables the API policies (RBAC) new defaults and scope by default. The Default value of config options
[oslo_policy] enforce_scope
and[oslo_policy] oslo_policy.enforce_new_defaults
have been changed toTrue
.If you want to disable them then modify the below config options value in
glance-api.conf
file:[oslo_policy] enforce_new_defaults=False enforce_scope=False
As per the revised SRBAC community goals, glance service is switching to new defaults by default in Antelope cycle, hence removing the deprecated
enforce_secure_rbac
option which is no longer needed. Theenforce_secure_rbac
option was introduced EXPERIMENTAL in Wallaby release for operators to opt into enforcing authorization based on common RBAC personas.Now operator can control the scope and new defaults flag with the below config options in
glance-api.conf
file:[oslo_policy] enforce_new_defaults=True enforce_scope=True
버그 수정¶
Bug 1990854: oslo_limit section not clear
Bug 1779781: virt/vmware not support VirtualSriovEthernetCard
Bug 1647491: Missing documentation for glance-manage db_purge command
Bug 1983279: Cannot upload vmdk images due to unsupported vmdk format
Bug 1989268: Wrong assertion method
Bug 1996188: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)
Bug 1939690: The api-ref response and the actual response returned from the Create Tags API does not match
Bug 1983279: Cannot upload vmdk images due to unsupported vmdk format