21 lines
871 B
YAML
21 lines
871 B
YAML
---
|
|
prelude: >
|
|
- Glance no longer returns a 500 when 4 byte unicode
|
|
characters are passed to the metadefs API.
|
|
- Deprecated "sign-the-hash" approach for image signing.
|
|
Old run_tests and related scripts have been removed.
|
|
upgrade:
|
|
- The image signature verification feature has been
|
|
updated to follow the "sign-the-data" approach, which
|
|
uses a signature of the image data directly. The prior
|
|
deprecated "sign-the-hash" approach, which uses a
|
|
signature of an MD5 hash of the image data, has been
|
|
removed.
|
|
security:
|
|
- The initial implementation of the image signature
|
|
verification feature in Glance was insecure, because it
|
|
relied on an MD5 hash of the image data. More details
|
|
can be found in bug 1516031. This "sign-the-hash"
|
|
approach was deprecated in Mitaka, and has been removed
|
|
in Newton. Related CVE-2015-8234.
|