[ubuntu/trusty-security] horizon 1:2014.1.5-0ubuntu2.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Oct 11 11:25:51 UTC 2017

horizon (1:2014.1.5-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS in OpenStack Dashboard
    - debian/patches/CVE-2016-4428.patch: add escaping to
      horizon/utils/escape.py, openstack_dashboard/settings.py,
    - debian/patches/ship_escape.py: ship new file created by security
    - CVE-2016-4428

horizon (1:2014.1.5-0ubuntu2) trusty; urgency=medium

  * Fix "Unable to Connect to Neutron" error message which is displayed
    in various UI panels. (LP: #1476417)
    - d/p/fix-neutron-connection-error.patch - Removes the erroneous
      usage of the FloatingIPManager.is_supported() method.

horizon (1:2014.1.5-0ubuntu1) trusty; urgency=medium

  * Resynchronize with stable/icehouse (4ff165c) (LP: #1467533):
    - [78b6f5e] Fix exponentially growing AJAX updates for table rows
    - [86a6628] Handle RequestURITooLong error in large instance table
    - [2a6fe4a] Fix host listing in live migration
    - [9109812] Exclude security group related quotas when the extension disabled
    - [4ff165c] horizon ignores region for identity service
  * d/p/fix-host-listing-live-migration.patch: Dropped; Fixed upstream.
  * d/p/fix-requirements.patch: Rebased

horizon (1:2014.1.4-0ubuntu2) trusty; urgency=medium

  * d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).

horizon (1:2014.1.4-0ubuntu1) trusty; urgency=medium

  * Resynchronize with stable/icehouse (b14a2ec) (LP: #1432608):
    - [4f12ca8] Fix metering daily display
    - [e00979e] Use floats instead of integer in memory calculation of admin dashboard
    - [0eef0d8] Removing Moscow's timezone check
    - [c37aafa] Remove the urlquote to arguments passed to reverse
    - [61d09f6] Horizon login page contains DOS attack mechanism
    - [33f2b93] Prevent leaking `target` info into subsequent `policy.check()` calls
    - [a04aa21] Tolerate completely missing floating_ips
    - [ad1a893] Fixing Neutron Subnet Details help text
    - [7dd9ca6] Handle negative values in total*Used for Cinder absolute limits
    - [2b292e8] Workaround for negative vals in total*Used in nova absolute_limits
    - [e5a9037] Update WSGI app creation to be compatible with Django 1.7
    - [b14a2ec] Run router dashboard unit tests by default
  * d/p/fix-dashboard-django-wsgi.patch: Rebased
  * d/p/fix-requirements.patch: Rebased
  * d/p/fix-host-listing-live-migration.patch: Cherry picked from

horizon (1:2014.1.3-0ubuntu2) trusty; urgency=medium

  * Fix Ubuntu theme region switcher dropdown (LP: #1396318)

horizon (1:2014.1.3-0ubuntu1) trusty; urgency=medium

  [ Chris Johnston ]
  * Fix Ubuntu theme dropdown and confirmation button (LP: #1308651).

  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (dc8e46f) (LP: #1377136):
    - [ba524b0] template to rely on the the "id" attribute
    - [ad2d428] Rename add_error methods: Django 1.7 conflict
    - [8dfe113] Replace Ceilometer ClientException with HTTPException
    - [f5e1ff4] Add missing "load url from future" in a container template
    - [839c53d] Add OS_REGION_NAME to openrc
    - [737fe40] Set the correct min_disk size when creating volume from image
    - [a8eeed9] Allow forms to disable autofill in all browsers
    - [e32a00d] Fix endpoint error when running keystone on apache
    - [faac9e7] Not able to delete a pseudo-folder via horizon
    - [b6d6e15] Set python hash seed to 0 in tox.ini
    - [ba908ae] Fix XSS issue with the unordered_list filter
    - [9a5894b] Long container names no longer break the page
    - [c9cb128] TEMPLATE_DIRS must be a tuple
    - [95dcdae] Proper port for LBaaS members
    - [dc8e46f] Use default_project_id as user project for keystone v3

Date: 2017-08-25 13:35:14.084830+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Chuck Short <zulcssubuntu at gmail.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list