diff --git a/releasenotes/notes/bp-mitigate-ossn-0075-c0e74e60d86d8ea2.yaml b/releasenotes/notes/bp-mitigate-ossn-0075-c0e74e60d86d8ea2.yaml index e368362d88..72ea504d69 100644 --- a/releasenotes/notes/bp-mitigate-ossn-0075-c0e74e60d86d8ea2.yaml +++ b/releasenotes/notes/bp-mitigate-ossn-0075-c0e74e60d86d8ea2.yaml @@ -1,7 +1,4 @@ --- -prelude: > - - The ``glance-manage`` utility has been updated to address OpenStack - Security Note OSSN-0075. security: - | The ``glance-manage`` tool has been updated to address `OSSN-0075`_. diff --git a/releasenotes/notes/image-conversion-plugin-5aee45e1a1a5bb2b.yaml b/releasenotes/notes/image-conversion-plugin-5aee45e1a1a5bb2b.yaml index d4ffcdcfe2..7724f142dc 100644 --- a/releasenotes/notes/image-conversion-plugin-5aee45e1a1a5bb2b.yaml +++ b/releasenotes/notes/image-conversion-plugin-5aee45e1a1a5bb2b.yaml @@ -1,8 +1,4 @@ --- -prelude: > - Automatic image conversion plugin for Interoperable Image Import. This - release introduces a new plugin that can be used to convert images to - specific format automatically upon image import. features: - | Automatic image conversion plugin for Interoperable Image Import. With diff --git a/releasenotes/notes/rocky-rc-b0ea7628b7a74c96.yaml b/releasenotes/notes/rocky-rc-b0ea7628b7a74c96.yaml new file mode 100644 index 0000000000..3304927074 --- /dev/null +++ b/releasenotes/notes/rocky-rc-b0ea7628b7a74c96.yaml @@ -0,0 +1,34 @@ +--- +prelude: | + This release of OpenStack Glance introduces 2 new API versions. Images + API v2.7 adds support and modifications for the Hidden Images and + Multihash features introduced during Rocky cycle. Version 2.8 is + included as an optional EXPERIMENTAL API for testing and preparing for + multiple back-end support. + + Rocky development cycle marks long waited milestone on Glance work. The + Images API v1 which has been deprecated for years is finally removed and + not available at all in Glance version 17.0.0 forward. + + Some security aspects were tackled for this release. Multihash, providing + secure hashing for image data with future proof options marks the end of + relying upon MD5 checksums when verifying image payloads. OSSN-0075 + migitation lessens the risk of ID reusability on those very rare cases + when a database purge is necessary. + + When delayed delete is enabled operators are able to recover image records + if the scrubber has been stopped before the data removal interval. While + the image metadata is still not preserved in these cases, this provides a + way to save the image data on accidental deletes. + + Due to increasing core counts on modern servers Glance services started + consuming huge amounts of resources as the default was to spin up equal + amount of workers to logical CPUs seen on the host. This automatic scaling + was capped to 8 workers limiting the resources consumed. While each worker + can handle a pool of connections this limit should be sufficient for most + clouds. Large deployments should monitor their performance after upgrade. + + When using Interoperable Image Import workflow, the cloud operators can + now enable automatic image conversion to desired format. When the plugin + is enabled end-users do not have any input to its operation but their + local checksum might not match with checksums recorded in Glance.