[ovirt-users] Release notes / announcements and security fixes

Sandro Bonazzola sbonazzo at redhat.com
Thu Sep 25 12:51:40 UTC 2014


Il 24/09/2014 09:31, Sven Kieske ha scritto:
> 
> 
> On 23/09/14 23:05, Sandro Bonazzola wrote:
>> [1] http://www.ovirt.org/OVirt_3.4.4_Release_Notes
> 
> First, thanks for the new release, but I have one objection to make:

Thanks for the highlight, changed subject for making this more visible.


> 
> Hidden in the release notes we find:
> 
> BZ 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML
> eXternal Entity (XXE) flaw in backend module
> 
> So I'd like to discuss if security fixes should not be highlighted
> somewhat more?
> 
> I'd expect the following:
> 
> a) Mention at least that CVEs where fixed in this release in the
> announcement.
> b) a category "security patches" (or similar) in the release notes
> where these fixes get listed.
> c) This new category should be at the top of the release notes.
> 
> What do you think?

Make sense.
Updated 3.4.4 Release notes as per points b and c.
http://www.ovirt.org/OVirt_3.4.4_Release_Notes


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com



More information about the Users mailing list