Il 24/09/2014 09:31, Sven Kieske ha scritto:
On 23/09/14 23:05, Sandro Bonazzola wrote:
First, thanks for the new release, but I have one objection to make:
Thanks for the highlight, changed subject for making this more visible.
Hidden in the release notes we find:
BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML eXternal Entity (XXE) flaw in backend module
So I'd like to discuss if security fixes should not be highlighted somewhat more?
I'd expect the following:
a) Mention at least that CVEs where fixed in this release in the announcement. b) a category "security patches" (or similar) in the release notes where these fixes get listed. c) This new category should be at the top of the release notes.
What do you think?
Make sense. Updated 3.4.4 Release notes as per points b and c. http://www.ovirt.org/OVirt_3.4.4_Release_Notes -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com