[ubuntu/trusty-security] horizon 1:2014.1.5-0ubuntu2.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Oct 11 11:25:51 UTC 2017
horizon (1:2014.1.5-0ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: XSS in OpenStack Dashboard
- debian/patches/CVE-2016-4428.patch: add escaping to
horizon/utils/escape.py, openstack_dashboard/settings.py,
openstack_dashboard/test/settings.py.
- debian/patches/ship_escape.py: ship new file created by security
patch.
- CVE-2016-4428
horizon (1:2014.1.5-0ubuntu2) trusty; urgency=medium
* Fix "Unable to Connect to Neutron" error message which is displayed
in various UI panels. (LP: #1476417)
- d/p/fix-neutron-connection-error.patch - Removes the erroneous
usage of the FloatingIPManager.is_supported() method.
horizon (1:2014.1.5-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (4ff165c) (LP: #1467533):
- [78b6f5e] Fix exponentially growing AJAX updates for table rows
- [86a6628] Handle RequestURITooLong error in large instance table
- [2a6fe4a] Fix host listing in live migration
- [9109812] Exclude security group related quotas when the extension disabled
- [4ff165c] horizon ignores region for identity service
* d/p/fix-host-listing-live-migration.patch: Dropped; Fixed upstream.
* d/p/fix-requirements.patch: Rebased
horizon (1:2014.1.4-0ubuntu2) trusty; urgency=medium
* d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).
horizon (1:2014.1.4-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (b14a2ec) (LP: #1432608):
- [4f12ca8] Fix metering daily display
- [e00979e] Use floats instead of integer in memory calculation of admin dashboard
- [0eef0d8] Removing Moscow's timezone check
- [c37aafa] Remove the urlquote to arguments passed to reverse
- [61d09f6] Horizon login page contains DOS attack mechanism
- [33f2b93] Prevent leaking `target` info into subsequent `policy.check()` calls
- [a04aa21] Tolerate completely missing floating_ips
- [ad1a893] Fixing Neutron Subnet Details help text
- [7dd9ca6] Handle negative values in total*Used for Cinder absolute limits
- [2b292e8] Workaround for negative vals in total*Used in nova absolute_limits
- [e5a9037] Update WSGI app creation to be compatible with Django 1.7
- [b14a2ec] Run router dashboard unit tests by default
* d/p/fix-dashboard-django-wsgi.patch: Rebased
* d/p/fix-requirements.patch: Rebased
* d/p/fix-host-listing-live-migration.patch: Cherry picked from
https://review.openstack.org/#/c/149621/
horizon (1:2014.1.3-0ubuntu2) trusty; urgency=medium
* Fix Ubuntu theme region switcher dropdown (LP: #1396318)
horizon (1:2014.1.3-0ubuntu1) trusty; urgency=medium
[ Chris Johnston ]
* Fix Ubuntu theme dropdown and confirmation button (LP: #1308651).
[ Corey Bryant ]
* Resynchronize with stable/icehouse (dc8e46f) (LP: #1377136):
- [ba524b0] template to rely on the the "id" attribute
- [ad2d428] Rename add_error methods: Django 1.7 conflict
- [8dfe113] Replace Ceilometer ClientException with HTTPException
- [f5e1ff4] Add missing "load url from future" in a container template
- [839c53d] Add OS_REGION_NAME to openrc
- [737fe40] Set the correct min_disk size when creating volume from image
- [a8eeed9] Allow forms to disable autofill in all browsers
- [e32a00d] Fix endpoint error when running keystone on apache
- [faac9e7] Not able to delete a pseudo-folder via horizon
- [b6d6e15] Set python hash seed to 0 in tox.ini
- [ba908ae] Fix XSS issue with the unordered_list filter
- [9a5894b] Long container names no longer break the page
- [c9cb128] TEMPLATE_DIRS must be a tuple
- [95dcdae] Proper port for LBaaS members
- [dc8e46f] Use default_project_id as user project for keystone v3
Date: 2017-08-25 13:35:14.084830+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Chuck Short <zulcssubuntu at gmail.com>
https://launchpad.net/ubuntu/+source/horizon/1:2014.1.5-0ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list