-
horizon (1:2013.2.3-0ubuntu1.1) saucy-security; urgency=medium
* SECURITY UPDATE: fix XSS in Heat template description and outputs
parameters
- LP: #1289033
- CVE-2014-0157
-- Jamie Strandboge <email address hidden> Mon, 05 May 2014 13:39:33 -0500
-
horizon (1:2013.2.3-0ubuntu1) saucy-proposed; urgency=medium
* Resynchronize with stable/havana (82cb9f6) (LP: #1302575):
- [b2259b3] Don't copy the flavorid when updating flavors
- [8db4687] Allow snapshots of paused and suspended instances
- [cf181c1] Reduce number of novaclient calls
- [82cb9f6] Fixing tests to work with keystoneclient 0.6.0
-- Corey Bryant <email address hidden> Fri, 04 Apr 2014 10:52:55 -0400
-
horizon (1:2013.2.2-0ubuntu1) saucy-proposed; urgency=low
[ Chuck Short ]
* Resynchronize with stable/havana (36e0ab5) (LP: #1284643):
- [e73ff07] run_tests.sh fails with a fresh venv due to django 1.6
installed LP: 1250581
- [3e93b54] Email shouldn't be a mandatory attribute LP: 1260423
- [2c1f1f3] Wrap call to extension_supported on Launch Instance with
try/except LP: 1262223
- [2e11482] Unit tests failing with raise
UnknownMethodCallError('management_url') LP: 1268631
- [c6d38a1] Metering dashboard. Marker could not be found (havana)
LP: 1260528
- [2b6dfa7] keypairs can not have an '@' sign in the name LP: 1265563
- [8ba7780] Cannot see confirmation message when working on longer pages
LP: 1251361
- [edd8ee4] fix help text in "Create An image" window
- [aa55b24] Inconsistance between horizon and django_openstack_auth default
keystone version LP: 1231357
- [7a8eadc] LBaaS. HealthMonitor representation should be improved
LP: 1237377
- [02e7b6e] "neutron lb-pool-list" running by admin returns also non-admin
load balancer pools which appear later in horizon's admin project
LP: 1244126
- [5520d65] create volume option is shown, even without cinder enabled
LP: 1267438
- [5b970a5] .tx/config in havana needs to catch up with Transifex resource
renaming LP: 1274005
- [6508afd] when creating instance,access security and networking tabs
missing asterisk LP: 1252005
- [96bd650] timeout logic causes logout when load balanced LP: 1243277
- [36e0ab5] Import translations for Havana 2013.2.2 update
[ James Page ]
* d/static/*: Refreshed for new upstream release.
-- Chuck Short <email address hidden> Tue, 25 Feb 2014 09:19:08 -0500
-
horizon (1:2013.2.1-0ubuntu1) saucy-proposed; urgency=low
* Resynchronize with stable/havana (9668e80) (LP: #1262788):
- [d97bba1] precision of floating point metering stats is discarded
unnecessarily LP: 1241467
- [53047be] "Tenant" should be "Project" (Resource Usage panel) LP: 1250942
- [728b5d1] Subnet / Subnet details not marked as translatable LP: 1254026
- [9465e54] missing hover hint for instance:<type> meter in Metric dropdown
list LP: 1243241
- [842ba5f] Default port for The MS SQL Security Group is 1433 instead of
1443 LP: 1250029
- [631ee65] iso8601 debug message is annoying in dashboard unit test
LP: 1250554
- [1361a02] only meters associated with the first instance reported appear
in Metric dropdown list LP: 1243298
- [599d4a5] Persistent XSS in OpenStack Web UI for Instances LP: 1247675
- [7f804c9] Password Change needs to logout current user LP: 1226829
- [3b621e7] The "Weight" parameter in Horizon's LBaaS member creation
dialog is mandatory while it's only optional in the cli command
LP: 1241004
- [b5b102e] i18n: "Filter" in "Flavor Access" tab of "Create Flavor"
workflow is not translatable LP: 1239927
- [0aba596] I18n: Localization of the role "Member" LP: 1255004
- [d66a483] detach volume dialog contains escaped html LP: 1252881
- [37f0128] English string for "Injected File Path Bytes" is wrong
LP: 1254049
- [ac2815c] ./templates/base.html.c:6: warning: unterminated string literal
LP: 1243526
- [6d02f2e] Cannot assign different translations for present and past
message of BatchAction LP: 1252082
- [655dc79] Resource Usage Page table views shows statistics in a wrong way
LP: 1249279
- [5d9684d] lbaas pool tcp LP: 1241713
- [040bebb] Some "Working" dialogs are not translatable LP: 1252074
- [852e5c8] Translation update for 2013.2.1 release LP: 1258462
- [9668e80] Updated from global requirements
* debian/patches/CVE-2013-6406: Dropped, applied upstream [599d4a5]
* debian/patches/revert-stable-havana-requirements.patch: Revert
version bumps to dependencies in stable/havana back to what was
shipped with Saucy.
-- Adam Gandelman <email address hidden> Wed, 18 Dec 2013 10:47:22 -0800
-
horizon (1:2013.2-0ubuntu1.1) saucy-security; urgency=low
* SECURITY UPDATE: XSS in Volumes and Network Topology pages
- debian/patches/CVE-2013-6406: html.escape() various items in
volumes/tables.py and volume_snapshots/tables.py
- CVE-2013-6406 (also referred to as CVE-2013-6858)
- LP: #1247675
-- Jamie Strandboge <email address hidden> Tue, 03 Dec 2013 15:54:34 -0600
-
horizon (1:2013.2-0ubuntu1) saucy; urgency=low
* New upstream release (LP: #1236462).
-- Chuck Short <email address hidden> Thu, 17 Oct 2013 09:43:46 -0400
-
horizon (1:2013.2~rc3-0ubuntu1) saucy; urgency=low
* New upstream release candidate (LP: #1240665).
-- Chuck Short <email address hidden> Wed, 16 Oct 2013 20:10:52 -0400
-
horizon (1:2013.2~rc2-0ubuntu1) saucy; urgency=low
* New upstream release candidate. (#1239156)
* debian/README.compression: Updated documenation on how to
refresh the static assets.
-- Chuck Short <email address hidden> Tue, 15 Oct 2013 10:20:05 -0400
-
horizon (1:2013.2~rc1-0ubuntu2) saucy; urgency=low
* d/theme/css/ubuntu.css: Refresh Ubuntu theme against new Havana
stylesheets, fixing network and chart layouts (LP: #1235249).
* d/openstack-dashboard.postinst: Allow horizon user to read and
write data in /var/lib/openstack-dashboard inline with user and
group permissions set in Apache configuration.
-- James Page <email address hidden> Fri, 04 Oct 2013 14:17:43 +0100
-
horizon (1:2013.2~rc1-0ubuntu1) saucy; urgency=low
[ James Page ]
* New upstream release candidate:
- d/static: Refreshed static assets for 2013.2~rc1.
- d/patches: Refreshed patches.
[ Chuck Short ]
* debian/control: Add python-lesscpy as a suggests to optionally
support online compression of static assets (LP: #1226674).
-- James Page <email address hidden> Thu, 03 Oct 2013 13:48:12 +0100
-
horizon (1:2013.2~b3-0ubuntu2) saucy; urgency=low
* Don't use /etc/openstack-dashboard for in-process generated data
(LP: #1233752):
- d/openstack-dashboard.{dirs,postinst}:
+ Create /var/lib/openstack-dashboard with restricted permissions,
allowing www-data user to write a secret_key if need be.
+ Move /etc/openstack-dashboard/secret_key to correct location if
it already exists.
- d/p/ubuntu_settings.patch: Use /var/lib/openstack-dashboard for
secret key storage instead of /etc/openstack-dashboard.
-- James Page <email address hidden> Wed, 02 Oct 2013 10:31:15 +0100
-
horizon (1:2013.2~b3-0ubuntu1) saucy; urgency=low
* New upstream release.
* debian/control: Minimum python-openstack-auth version >= 1.1.1.
* debian/control: Add python-troveclient.
* debian/static: Refresh static assets for 2013.2~b3.
* debian/patches: ubuntu_local_settings.patch -> ubuntu_settings.patch, also
patch location of secret key in openstack_dashboard/settings.py
-- Adam Gandelman <email address hidden> Fri, 06 Sep 2013 11:59:43 -0700
-
horizon (1:2013.2~b2-0ubuntu6) saucy; urgency=low
* debian/patches/ubuntu_local_settings.py: Set flexible
default for ALLOWED_HOSTS that should be changed for production
deployments (LP: #1214982).
* Fix (LP: #1216019):
- debian/openstack-dashboard.{postinst, postrm}: Add/remove horizon
user. Ensure /etc/openstack-dashbard ownership.
- debian/openstack-dashboard.conf: Run WSGIDaemonProcess as user
horizon, set WSGIProcessGroup to horizon.
- debian/patches/ubuntu_local_settings.py: Generate and load secret
key from /etc/openstack-dashboard/secret_key.
-- Adam Gandelman <email address hidden> Fri, 06 Sep 2013 10:33:18 -0700
-
horizon (1:2013.2~b2-0ubuntu5) saucy; urgency=low
* d/static/*: Refresh static assets for 2013.2~b2.
* d/rules: Tweak helper for refreshing static assets to link
local_settings.py correctly.
* d/openstack-dashboard.p*: Fix typo in configuration file name,
ensure consistent use of tabs/spaces.
-- James Page <email address hidden> Mon, 02 Sep 2013 16:43:56 +0100
-
horizon (1:2013.2~b2-0ubuntu4) saucy; urgency=low
* Update for apache 2.4, preserve 2.2 compatability. (LP: #1218535)
-- Adam Gandelman <email address hidden> Fri, 30 Aug 2013 15:31:49 -0700
-
horizon (1:2013.2~b2-0ubuntu3) saucy; urgency=low
* debian/rules: Don't remove egg information while cleaning.
(LP: #1210253)
-- Chuck Short <email address hidden> Wed, 21 Aug 2013 10:08:35 -0400
-
horizon (1:2013.2~b2-0ubuntu2) saucy; urgency=low
* debian/control: Fix typo in depends.
-- Chuck Short <email address hidden> Mon, 22 Jul 2013 14:36:30 -0400
-
horizon (1:2013.2~b2-0ubuntu1) saucy; urgency=low
[ James Page ]
* d/control: Update VCS fields for new branch locations.
* Automate refresh of static assets:
- d/rules: Added refresh-static-assets helper target.
- d/README.compression: Updated for new process.
* d/static/*: Refreshed static assets.
[ Chuck Short ]
* New upstream release
* debian/control:
- Add python-ceilometerclient
- Add python-heatclient
- Renamed python-quantumclient to python-neturonclient.
* debian/curles: Removed instances of quantum since its cruft
that we dont need anymore.
-- Chuck Short <email address hidden> Mon, 22 Jul 2013 11:45:28 -0400
-
horizon (1:2013.2~b1-0ubuntu1) saucy; urgency=low
* New upstream release.
* debian/patches/ubuntu_local_settings.patch: Refreshed
* debian/control: Add python-pbr and python-d2to1.
-- Chuck Short <email address hidden> Fri, 31 May 2013 08:59:58 -0500
-
horizon (1:2013.1-0ubuntu3) raring; urgency=low
* Re-sync Ubuntu theme with upstream changes, fixing instance network
selection dialog and network topology screens (LP: #1157918).
-- James Page <email address hidden> Mon, 22 Apr 2013 14:09:04 +0100