[prev in list] [next in list] [prev in thread] [next in thread]
List: vdsm-devel
Subject: [ovirt-devel] Release notes / announcements and security fixes
From: Sandro Bonazzola <sbonazzo () redhat ! com>
Date: 2014-09-25 12:51:40
Message-ID: 54240FDC.2090205 () redhat ! com
[Download RAW message or body]
Il 24/09/2014 09:31, Sven Kieske ha scritto:
>
>
> On 23/09/14 23:05, Sandro Bonazzola wrote:
>> [1] http://www.ovirt.org/OVirt_3.4.4_Release_Notes
>
> First, thanks for the new release, but I have one objection to make:
Thanks for the highlight, changed subject for making this more visible.
>
> Hidden in the release notes we find:
>
> BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML
> eXternal Entity (XXE) flaw in backend module
>
> So I'd like to discuss if security fixes should not be highlighted
> somewhat more?
>
> I'd expect the following:
>
> a) Mention at least that CVEs where fixed in this release in the
> announcement.
> b) a category "security patches" (or similar) in the release notes
> where these fixes get listed.
> c) This new category should be at the top of the release notes.
>
> What do you think?
Make sense.
Updated 3.4.4 Release notes as per points b and c.
http://www.ovirt.org/OVirt_3.4.4_Release_Notes
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic