[ovirt-devel] Release notes / announcements and security fixes
Sandro Bonazzola
sbonazzo at redhat.com
Thu Sep 25 12:51:40 UTC 2014
Il 24/09/2014 09:31, Sven Kieske ha scritto:
>
>
> On 23/09/14 23:05, Sandro Bonazzola wrote:
>> [1] http://www.ovirt.org/OVirt_3.4.4_Release_Notes
>
> First, thanks for the new release, but I have one objection to make:
Thanks for the highlight, changed subject for making this more visible.
>
> Hidden in the release notes we find:
>
> BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML
> eXternal Entity (XXE) flaw in backend module
>
> So I'd like to discuss if security fixes should not be highlighted
> somewhat more?
>
> I'd expect the following:
>
> a) Mention at least that CVEs where fixed in this release in the
> announcement.
> b) a category "security patches" (or similar) in the release notes
> where these fixes get listed.
> c) This new category should be at the top of the release notes.
>
> What do you think?
Make sense.
Updated 3.4.4 Release notes as per points b and c.
http://www.ovirt.org/OVirt_3.4.4_Release_Notes
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
More information about the Devel
mailing list