Re: [ovirt-users] [ovirt-announce] [ANN] oVirt 3.4.4 Release is now available

On 23/09/14 23:05, Sandro Bonazzola wrote: First, thanks for the new release, but I have one objection to make: Hidden in the release notes we find: BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML eXternal Entity (XXE) flaw in backend module So I'd like to discuss if security fixes should not be highlighted somewhat more? I'd expect the following: a) Mention at least that CVEs where fixed in this release in the announcement. b) a category "security patches" (or similar) in the release notes where these fixes get listed. c) This new category should be at the top of the release notes. What do you think? -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen