[ovirt-devel] Release notes / announcements and security fixes
Il 24/09/2014 09:31, Sven Kieske ha scritto:
On 23/09/14 23:05, Sandro Bonazzola wrote:
> [1] http://www.ovirt.org/OVirt_3.4.4_Release_Notes
First, thanks for the new release, but I have one objection to make:
Thanks for the highlight, changed subject for making this more visible.
Hidden in the release notes we find:
BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML
eXternal Entity (XXE) flaw in backend module
So I'd like to discuss if security fixes should not be highlighted
somewhat more?
I'd expect the following:
a) Mention at least that CVEs where fixed in this release in the
announcement.
b) a category "security patches" (or similar) in the release notes
where these fixes get listed.
c) This new category should be at the top of the release notes.
What do you think?
Make sense.
Updated 3.4.4 Release notes as per points b and c.
http://www.ovirt.org/OVirt_3.4.4_Release_Notes
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com