2cents; I suppose it's up to the RM to triage and if necessary cut RC3, however, if a normal user account can't have the list of resources (uuid, in this case network's UUID) then it doesn't appear a critical issue to me for 99.99% cases.
Long term - it may be worth doing a broad search for all APIs where a similar behaviour may exist (user can't list the resource, but if they knew the UUID could possible run an API against that). Regards. ________________________________ From: Andrija Panic <andrija.pa...@gmail.com> Sent: Tuesday, March 1, 2022 04:36 To: dev <dev@cloudstack.apache.org> Subject: Re: [VOTE] Apache CloudStack 4.16.1.0 (RC2) By all means, although we could argue that this is NOT a regression, and as such we might skip it - but it's a security/privacy issue, so we should better fix it in RC3, yes. On Mon, 28 Feb 2022 at 16:15, Gabriel Bräscher <gabrasc...@gmail.com> wrote: > Hello folks, > > I would like to raise the issue > https://github.com/apache/cloudstack/issues/6049. > It affects not only 4.16.1.0 RC2, but also previous releases. > I consider it a critical issue, which could potentially impact the need for > a release candidate #3. > Any thoughts? > > Regards, > Gabriel. > > On Mon, Feb 28, 2022 at 3:46 PM Nux! <n...@li.nux.ro> wrote: > > > +1 (binding) > > > > Tested KVM in advanced zones (with and without security groups). > > Everything seems to be working. > > > > --- > > Nux! > > www.nux.ro > > > > On 2022-02-25 15:08, Suresh Anaparti wrote: > > > Hi All, > > > > > > I have created a 4.16.1.0 release (RC2), with the following artifacts > > > up for testing and a vote: > > > > > > Git Branch and Commit SHA: > > > https://github.com/apache/cloudstack/tree/4.16.1.0-RC20220225T1901 > > > Commit: cad9332082a1f85eedc30cf547ae28224be170c2 > > > > > > Source release (checksums and signatures are available at the same > > > location): > > > https://dist.apache.org/repos/dist/dev/cloudstack/4.16.1.0/ > > > > > > PGP release keys (signed using > > > D6E0581ECF8A2FBE3FF6B3C9D7CEAE3A9E71D0AA): > > > https://dist.apache.org/repos/dist/release/cloudstack/KEYS > > > > > > The vote will be open until 2nd March 2022. > > > > > > For sanity in tallying the vote, can PMC members please be sure to > > > indicate "(binding)" with their vote? > > > > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove (and reason why) > > > > > > For users convenience, the packages from this release candidate (RC2) > > > and > > > 4.16.1 systemvm templates are available here: > > > https://download.cloudstack.org/testing/4.16.1.0-RC2/ > > > https://download.cloudstack.org/systemvm/4.16/ > > > > > > Documentation is not published yet, but the following may be > > > referenced for upgrade related tests: > > > (there's a new 4.16.1 systemvm template to be registered prior to > > > upgrade) > > > > > > https://github.com/apache/cloudstack-documentation/tree/4.16/source/upgrading/upgrade > > > > > > NOTES on the issues fixed in this RC2 release: > > > > > > (these do *NOT* require a full retest if you were testing RC1 already - > > > just if you were affected by these issues): > > > - https://github.com/apache/cloudstack/issues/6017 (regression in > > > register template form > > > when select/unselect check boxes using space in keyboard) > > > - https://github.com/apache/cloudstack/issues/6026 (affects volumes on > > > managed storages when > > > stopping or migrating a VM) > > > - https://github.com/apache/cloudstack/issues/6038 (regression in SSVM > > > scaling down behavior, > > > new config 'secstorage.vm.auto.scale.down' added to control scaling > > > down) > > > > > > > > > Regards, > > > Suresh > > > -- Andrija Panić
