[ovirt-users] [ovirt-announce] [ANN] oVirt 3.4.4 Release is now available

Sven Kieske s.kieske at mittwald.de
Wed Sep 24 03:31:36 EDT 2014



On 23/09/14 23:05, Sandro Bonazzola wrote:
> [1] http://www.ovirt.org/OVirt_3.4.4_Release_Notes

First, thanks for the new release, but I have one objection to make:

Hidden in the release notes we find:

BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML
eXternal Entity (XXE) flaw in backend module

So I'd like to discuss if security fixes should not be highlighted
somewhat more?

I'd expect the following:

a) Mention at least that CVEs where fixed in this release in the
announcement.
b) a category "security patches" (or similar) in the release notes
where these fixes get listed.
c) This new category should be at the top of the release notes.

What do you think?




-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen


More information about the Users mailing list