octavia/releasenotes/notes/allow-invisible-subnets-e30b0b5fbd216294.yaml
Ross Martyn 611880cd15 Fixed typo in upgrade section
Change-Id: I9e7052bfbb990d526893e641236cbdb6e6203d67
2020-06-06 09:38:02 +01:00

17 lines
833 B
YAML

---
upgrade:
- |
After this upgrade, users will no longer be able use network resources they
cannot see or "show" on load balancers. Operators can revert this behavior
by setting the "allow_invisible_resource_usage" configuration file setting
to ``True``.
security:
- |
Previously, if a user knew or could guess the UUID for a network resource,
they could use that UUID to create load balancer resources using that UUID.
Now the user must have permission to see or "show" the resource before it
can be used with a load balancer. This will be the new default, but
operators can disable this behavior via the setting the configuration file
setting "allow_invisible_resource_usage" to ``True``. This issue falls
under the "Class C1" security issue as the user would require a valid UUID.