On Dec 4, 2013, at 4:33 AM, Abhinandan Prateek <abhinandan.prat...@citrix.com> 
wrote:

> Was trying to understand the issue. It seems there is no account
> information in network_acl or network_acl_item table.
> A proper fix will mean including that information and that means schema
> change. Since this is a maintenance release we would like to avoid schema
> changes as much as possible.

It sounds like a pretty big issue IMHO, if not even a security risk.

In addition there was this bug:
https://issues.apache.org/jira/browse/CLOUDSTACK-5214

Reported by milamber on 4.2.1 upgrade. He raised it as a blocker.

If both need a db schema fix, then maybe we need to bite the bullet...

> 
> A temporary fix (i.e. till we fix schema in next big release) could mean
> fetching vpc list for a user from vpc table and then use the vpc ids to
> get the acls. *Marcus* you want to try out this fix?
> 
> -abhi
> 
> On 04/12/13 3:28 am, "Marcus Sorensen" <shadow...@gmail.com> wrote:
> 
>> Running the same API call on versions lower than 4.2.0 yields correct
>> results, since 4.2.0 the API call returns incorrect data. The API
>> itself is compatible, but for example if an application or user
>> consuming the API makes those calls it will get incorrect data. For
>> example, you now may get a hundred entries for port 22 open to
>> 0.0.0.0/0 in your response, when only one of them is owned by you.
>> 
>> On Tue, Dec 3, 2013 at 2:48 PM, Daan Hoogland <daan.hoogl...@gmail.com>
>> wrote:
>>> Hi Marcus,
>>> 
>>> It breaks behavior of the API, you say. Is this in comparison to 4.2
>>> or to prior versions?
>>> 
>>> thanks,
>>> Daan
>>> 
>>> On Tue, Dec 3, 2013 at 6:40 PM, Chip Childers <chipchild...@apache.org>
>>> wrote:
>>>> On Tue, Dec 3, 2013 at 7:48 AM, sebgoa <run...@gmail.com> wrote:
>>>>> 
>>>>> Can you be more specific? What fixes required a re-vote?
>>>> 
>>>> There was a security vulnerability reported in the release of
>>>> sufficient severity to cause the security team to request Abhi hold
>>>> off on publishing the release and to re-spin.
> 
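
The interim fix discussed in this thread (scope ACL listings through the vpc table, because the ACL tables carry no owner), as an added example that is not CloudStack code or anything posted by the participants. The three-table schema is a constructed simplification, and the column names and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed, simplified schema: only the vpc table carries an owner
# (account_id); network_acl and network_acl_item do not, as the thread notes.
SCHEMA = """
CREATE TABLE vpc (id INTEGER PRIMARY KEY, account_id INTEGER NOT NULL);
CREATE TABLE network_acl (id INTEGER PRIMARY KEY, vpc_id INTEGER NOT NULL);
CREATE TABLE network_acl_item (
    id INTEGER PRIMARY KEY, acl_id INTEGER NOT NULL,
    port INTEGER NOT NULL, cidr TEXT NOT NULL);
"""

def build_db(accounts=100):
    """One VPC, one ACL and one 'port 22 from 0.0.0.0/0' rule per account."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for n in range(1, accounts + 1):
        db.execute("INSERT INTO vpc VALUES (?, ?)", (n, n))
        db.execute("INSERT INTO network_acl VALUES (?, ?)", (n, n))
        db.execute(
            "INSERT INTO network_acl_item VALUES (?, ?, 22, '0.0.0.0/0')", (n, n))
    return db

def list_items_unscoped(db):
    """Reported behaviour: no owner column to filter on, so every row comes back."""
    return db.execute(
        "SELECT id, acl_id, port, cidr FROM network_acl_item").fetchall()

def list_items_for_account(db, account_id):
    """Interim fix: the caller's VPC ids first, then only ACLs of those VPCs."""
    vpc_ids = [r[0] for r in db.execute(
        "SELECT id FROM vpc WHERE account_id = ?", (account_id,))]
    if not vpc_ids:
        return []  # no VPCs: return nothing rather than fall back to all rows
    marks = ",".join("?" * len(vpc_ids))  # placeholders only, values stay bound
    return db.execute(
        "SELECT i.id, i.acl_id, i.port, i.cidr FROM network_acl_item i "
        "JOIN network_acl a ON a.id = i.acl_id "
        f"WHERE a.vpc_id IN ({marks}) ORDER BY i.id", vpc_ids).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(len(list_items_unscoped(db)), "rows returned without owner scoping")
    print(list_items_for_account(db, 7))
```

A regression test for this class of bug creates rules under two accounts and asserts that a listing made as one account never contains the other account's row ids.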
