ManageIQ Kasparov-1-Beta1.1, Jansa-3, and Ivanchuk-8 are now available. These releases include security fixes. Many thanks goes to Dávid Halász (@skateman) and the team for finding and fixing these vulnerabilities. Also, many thanks go to all of the contributors for all of their enhancements and bug fixes.

Security Issues

High severity

• CVE-2020-25716 - Missing access control leads to escalation of admin group privileges

Other notable changes

Kasparov-1-Beta1.1

Bug

• Fix CPU cores for chargeback project [#20933]
• Honor zone setting when queuing launch_ansible_job. [#20891]
• Do not allow to delete tenant which has children [#20404]
• fixed MiqPolicySet.seed when Condition record with the same description or name but different guid already exists [#20875]
• [API] Allow set ownership screen for instances and images [#969]
• [Podified] Fix escaping of < and > in ContainerLogger [#20883]
• [Podified] Run MiqServer.status_update in server process [#20904]
• [Podified] Prefer recreate as the deployment strategy for many services. [#653]
• [UI] Fixed tree selection issues with screens in Reports explorer [#7536]
• [UI] Disable snapshot create button for non-supported volumes [#7487]
• [AutoSDE provider] Add refresh_interval every 15 minutes [#45]
• [Google provider] Fix refresh failure when load balancer can’t be found [#170]
• [IBM Terraform provider] Fix parsing of IBM vpc hostname [#53]
• [OpenStack provider] Change hardcoded router data to regex [#668]
• [OpenStack provider] Update Network Targeted refresh to skip not found network [#667]
• [oVirt provider] Fix for datacenters being recreated every refresh [#540]
• [VMWare provider] Fix IP Address Regex Matching IPv6 as IPv4 [#677]

Enhancement

• [Podified] Adopt new memory/cpu request/limit(threshold) values [#20847]
• [Podified] Update to UBI/CentOS 8.3 [#660]
• [UI] Created a spec that checks all routes for RBAC enforcements [#7552]
• [VMWare provider] Allow specifying the datastore/network for OVF deployment. [#670]

Here are the changes (since Kasparov-1-Alpha1) per affected repository in GitHub:

• manageiq
• manageiq-api
• manageiq-appliance-build
• manageiq-pods
• manageiq-providers-autosde
• manageiq-providers-google
• manageiq-providers-ibm_cloud
• manageiq-providers-ibm_terraform
• manageiq-providers-kubernetes
• manageiq-providers-openstack
• manageiq-providers-ovirt
• manageiq-providers-vmware
• manageiq-rpm_build
• manageiq-ui-classic
• manageiq-ui-service

Jansa-3

Bug

• VmScan transitions from before_scan -> start_scan [#20953]
• Fix CPU cores for chargeback project [#20933]
• Honor zone setting when queuing launch_ansible_job. [#20891]
• Fixed MiqPolicySet.seed when Condition record with the same description or name but different guid already exists [#20875]
• Do not allow to delete tenant which has children [#20404]
• [API] Only show OPTIONS for supported providers [#948]
• [EmbeddedAnsible] Ensure newline for :ssh_key_data [#20771]
• [Podified] Run MiqServer.status_update in server process [#20904]
• [OpenStack provider] Change hardcoded router data to regex [#668]
• [OpenStack provider] Update Network Targeted refresh to skip not found network [#667]
• [oVirt provider] Fix for datacenters being recreated every refresh [#540]
• [VMWare provider] Fix IP Address Regex Matching IPv6 as IPv4 [#677]
• [VMWare provider] Fix OpaqueNetwork parser [#578]

Enhancement

• Add git remote connection check code [#20759]
• [Podified] Update to UBI/CentOS 8.3 [#660]
• [Podified] Adopt new memory/cpu request/limit(threshold) values [#20847]

Here are the changes (since Jansa-2) per affected repository in GitHub:

• amazon_ssa_support
• manageiq
• manageiq-api
• manageiq-appliance
• manageiq-appliance-build
• manageiq-automation_engine
• manageiq-consumption
• manageiq-content
• manageiq-decorators
• manageiq-gems-pending
• manageiq-graphql
• manageiq-pods
• manageiq-providers-amazon
• manageiq-providers-ansible_tower
• manageiq-providers-azure
• manageiq-providers-azure_stack
• manageiq-providers-foreman
• manageiq-providers-google
• manageiq-providers-kubernetes
• manageiq-providers-kubevirt
• manageiq-providers-lenovo
• manageiq-providers-nuage
• manageiq-providers-openshift
• manageiq-providers-openstack
• manageiq-providers-ovirt
• manageiq-providers-redfish
• manageiq-providers-scvmm
• manageiq-providers-vmware
• manageiq-schema
• manageiq-ui-classic
• manageiq-ui-service

Ivanchuk-8

Bug

• Do not allow to delete tenant which has children [#20404]
• Enhance error handle for failing playbook clone [#20232]
• Updated vm_reconfigure_task in app/models to add disk size information. [#19681]
• Block attempt to create duplicate retire request [#20355]
• [API] fix the custom button create [#814]
• [EmbeddedAnsible] Ensure newline for :ssh_key_data [#20771]
• [UI] Correctly render multi-tags in request details dialog [#7419]
• [OpenStack provider] Change hardcoded router data to regex [#668]
• [OpenStack provider] Update Network Targeted refresh to skip not found network [#667]

Enhancement

• Add git remote connection check code [#20759]
• Native console support for ivanchuk [#20640]
• [V2V] Add search boxes to the source and target lists in the mapping wizard [#1142]
• [oVirt provider] Native viewer support [#528]
• [oVirt provider] Add cpu_affinity for vms [#502]

Here are the changes (since Ivanchuk-7) per affected repository in GitHub:

• manageiq
• manageiq-api
• manageiq-appliance-build
• manageiq-automation_engine
• manageiq-pods
• manageiq-providers-azure
• manageiq-providers-openstack
• manageiq-providers-ovirt
• manageiq-ui-classic
• manageiq-ui-service
• manageiq-v2v

You can download the Jansa-3 and Kasparov-1-Beta releases here. Since we no longer support Ivanchuk, the Ivanchuk-8 release is available on https://releases.manageiq.org, however we highly recommend upgrading to a supported release instead.

For questions or support, join in on the talk page.