Google Git
Sign in
apache / libcloud-site / refs/heads/asf-site / . / output / blog / tags / security-release.html
blob: cc01d3cdb580fc4d6ce16b531de7d87b6817fb64 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="The Apache Software Foundation">
<meta name="keywords" content="python,libcloud,cloud,cloud computing,rackspace,amazon ec2,cloudfiles,openstack,cloudstack" />
<title>Apache Libcloud | Apache Libcloud</title>
<!-- fav icons -->
<link rel="shortcut icon" href="/images/favicon.png" />
<link rel="apple-touch-icon" href="/images/apple-touch-icon.png" />
<link rel="apple-touch-icon-precomposed" href="/images/apple-touch-icon.png" />
<link href="/blog/atom.xml" type="application/atom+xml" rel="alternate" title="Apache Libcloud Blog Feed" />
<!-- Facebook OpenGraph tags -->
<meta content="Apache Libcloud" property="og:site_name">
<meta content="Apache Libcloud" property="og:title">
<meta content="website" property="og:type">
<meta content="https://libcloud.apache.org/blog/tags/security-release" property="og:url">
<link href='/assets/global-1768bfa479597eed443be67c5aec2edc.css' rel='stylesheet' type='text/css' />
</head>
<body data-spy="scroll" data-target=".sidebar-nav" data-offset="80">
<nav class="navbar navbar-fixed-top navbar-inverse" role="navigation">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/"><img src="/images/libcloud_logo.png" class="navbar-logo" /> Apache Libcloud</a>
</div>
<div class="collapse navbar-collapse navbar-ex1-collapse">
<ul class="nav navbar-nav">
<li ><a href="/" >Home</a></li>
<li ><a href="/about.html" >About</a></li>
<li ><a href="/getting-started.html" >Quick Start</a></li>
<li ><a href="https://libcloud.readthedocs.org/en/stable/" target="_blank">Documentation</a></li>
<li ><a href="/downloads.html" >Downloads</a></li>
<li ><a href="/community.html" >Community</a></li>
<li ><a href="/blog/" >Blog</a></li>
</ul>
<div class="material-switch pull-right">
<input id="theme-switch" name="theme-switch" type="checkbox" onclick="modeSwitcher()"/>
<label for="theme-switch" class="label-default"></label>
<span id="theme-toggle" class="theme-switch">Dark mode</span>
</div>
</div><!-- /.navbar-collapse -->
</div><!-- /.container -->
</nav>
<div class="container main-container">
<div class="row section page-content">
<div class="col-lg-8 col-lg-offset-2">
<h1>Tag: security release</h1>
<div class="post">
<h2 class="post-title"><a href="/blog/2014/01/01/quick-update-about-0-13-3-release-and-digitalocean-vulnerability.html">Quick update about 0.13.3 release and DigitalOcean vulnerability</a></h2>
<span class="post-date-author">By Tomaz Muraus on Jan 01, 2014</span>
<div class="post-content">
<p>This is a quick update about the recent 0.13.3 security release and the
DigitalOcean vulnerability.</p>
<p>DigitalOcean updated their blog post. The updated post says that
scrubbing is now enabled by default for all the newly issued destroy
requests:</p>
<blockquote>
<p>All Destroys Default to Scrub</p>
<p>We have updated the destroy method to scrub on all destroys, both for
web and API requests.</p>
</blockquote>
<p>This means that no action is required on the client side and upgrading
to 0.13.3 should not be necessary anymore.</p>
<p>References:</p>
<ul>
<li><a href="https://twitter.com/digitalocean/status/418140046265294848">https://twitter.com/digitalocean/status/418140046265294848</a></li>
<li><a href="https://digitalocean.com/blog_posts/transparency-regarding-data-security">https://digitalocean.com/blog_posts/transparency-regarding-data-security</a></li>
</ul>
</div>
<div class="row section post-meta">
<div class="col-md-12 post-tags">
<p>Tags: <a href="/blog/tags/news.html" rel="tag">news</a>, <a href="/blog/tags/security-release.html" rel="tag">security release</a></p>
</div>
</div>
</div>
<div class="post">
<h2 class="post-title"><a href="/blog/2013/12/31/libcloud-0-13-3-released.html">Libcloud 0.13.3 released</a></h2>
<span class="post-date-author">By Tomaz Muraus on Dec 31, 2013</span>
<div class="post-content">
<p>This release fixes a security issue with a potential leak of data contained on
a destroyed DigitalOcean node. Only users who are using a DigitalOcean driver
are affected.</p>
<h3 id="details-about-the-vulnerability">Details about the vulnerability</h3>
<p>DigitalOcean recently changed the default API behavior from scrub to
non-scrub when destroying a VM without notifying the customers and API
consumers.</p>
<p>Libcloud prior to this release doesn’t explicitly send “scrub_data” query
parameter when destroying a node. This means nodes which are destroyed using
Libcloud are vulnerable to later customers stealing data contained on them.</p>
<p>This release fixes that by always sending “scrub_data” query parameter when
destroying a DigitalOcean node.</p>
<p>If you are using a DigitalOcean driver, you are strongly encouraged to
upgrade (or downgrade if you are using 0.14.0-beta3 beta release) to this
release.</p>
<p>For more information, please see the <a href="/security.html#CVE-2013-6480">Security page</a>.</p>
<h3 id="download">Download</h3>
<p>Libcloud 0.13.3 can be downloaded from
<a href="https://libcloud.apache.org/downloads.html">https://libcloud.apache.org/downloads.html</a></p>
<p>or installed using pip:</p>
<figure class="highlight">
<pre><code class="language-bash" data-lang="bash">pip <span class="nb">install </span>apache-libcloud<span class="o">==</span>0.13.3</code></pre>
</figure>
<p>It is possible that the file hasn’t been synced to all the mirrors yet. If
this is the case, please use the main Apache mirror -
https://www.apache.org/dist/libcloud.</p>
<h3 id="upgrading">Upgrading</h3>
<p>If you have installed Libcloud using pip you can also use it to upgrade it:</p>
<figure class="highlight">
<pre><code class="language-bash" data-lang="bash">pip <span class="nb">install</span> <span class="nt">--upgrade</span> apache-libcloud<span class="o">==</span>0.13.3</code></pre>
</figure>
<h3 id="documentation">Documentation</h3>
<p>Regular and API documentation is available at
<a href="https://libcloud.readthedocs.org/en/latest/">https://libcloud.readthedocs.org/en/latest/</a>.</p>
<h3 id="bugs--issues">Bugs / Issues</h3>
<p>If you find any bug or issue, please report it on our issue tracker
<a href="https://issues.apache.org/jira/browse/LIBCLOUD">https://issues.apache.org/jira/browse/LIBCLOUD</a>. Don’t forget to attach an
example and / or test which reproduces your problem.</p>
<h3 id="thanks">Thanks</h3>
<p>Thanks to everyone who contributed and made this release possible!</p>
<p>Full list of people who contributed to this release can be found in the
<a href="https://git-wip-us.apache.org/repos/asf?p=libcloud.git;a=blob;f=CHANGES;h=a06b0ed4c443f9f56784572a4e291e779de599e3;hb=a1fdac91ec9fdf699d77f9f9b01699de7f56171e#l3">CHANGES file</a>.</p>
</div>
<div class="row section post-meta">
<div class="col-md-12 post-tags">
<p>Tags: <a href="/blog/tags/news.html" rel="tag">news</a>, <a href="/blog/tags/release-announcement.html" rel="tag">release announcement</a>, <a href="/blog/tags/security-release.html" rel="tag">security release</a></p>
</div>
</div>
</div>
<div class="post">
<h2 class="post-title"><a href="/blog/2012/08/22/libcloud-0-11-1-released.html">Libcloud 0.11.1 released</a></h2>
<span class="post-date-author">By Tomaz Muraus on Aug 22, 2012</span>
<div class="post-content">
<p>This release fixes a possible SSL man-in-the-middle vulnerability inside
the code which performs the SSL certificate validation. For more
information about the vulnerability, please see the “Security” page -
<a href="http://libcloud.apache.org/security.html">http://libcloud.apache.org/security.html</a>.</p>
<p>Everyone using an older version is strongly encouraged to upgrade to this
release.</p>
<h3 id="download">Download</h3>
<p>Libcloud 0.11.1 can be downloaded from
http://libcloud.apache.org/downloads.html
or installed using pip:</p>
<figure class="highlight">
<pre><code class="language-bash" data-lang="bash">pip <span class="nb">install </span>apache-libcloud</code></pre>
</figure>
<p>It is possible that the file hasn’t been synced to all the mirrors yet. If
this is the case, please use the main Apache mirror -
http://www.apache.org/dist/libcloud.</p>
<h3 id="upgrading">Upgrading</h3>
<p>If you have installed Libcloud using pip you can also use it to upgrade it:</p>
<figure class="highlight">
<pre><code class="language-bash" data-lang="bash">pip <span class="nb">install</span> <span class="nt">--upgrade</span> apache-libcloud</code></pre>
</figure>
<h3 id="upgrade-notes">Upgrade notes</h3>
<p>A page which describes backward incompatible or semi-incompatible
changes and how to preserve the old behavior when this is possible
can be found at http://libcloud.apache.org/upgrade-notes.html.</p>
<h3 id="documentation">Documentation</h3>
<p>API documentation can be found at http://libcloud.apache.org/apidocs/0.11.1/.</p>
<h3 id="bugs--issues">Bugs / Issues</h3>
<p>If you find any bug or issue, please report it on our issue tracker
<a href="https://issues.apache.org/jira/browse/LIBCLOUD">https://issues.apache.org/jira/browse/LIBCLOUD</a>. Don’t forget to attach an
example and / or test which reproduces your problem.</p>
<h3 id="thanks">Thanks</h3>
<p>Thanks to the researchers from the University of Texas at Austin
(Martin Georgiev, Suman Jana and Vitaly Shmatikov) who discovered this
vulnerability.</p>
<p>Source: <a href="http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3CCAJMHEmL958gN+GZT0tWDM9jVmMBj+w0qqY8TYXbJUNPwdW+6yA@mail.gmail.com%3E">release announcement</a>.</p>
</div>
<div class="row section post-meta">
<div class="col-md-12 post-tags">
<p>Tags: <a href="/blog/tags/news.html" rel="tag">news</a>, <a href="/blog/tags/release-announcement.html" rel="tag">release announcement</a>, <a href="/blog/tags/security-release.html" rel="tag">security release</a></p>
</div>
</div>
</div>
<div class="post">
<h2 class="post-title"><a href="/blog/2011/01/17/libcloud-0-4-2-released.html">Libcloud 0.4.2 released</a></h2>
<span class="post-date-author">By Jerry Chen on Jan 17, 2011</span>
<div class="post-content">
<p>The Apache Software Foundation and the Apache Libcloud Project are
pleased to announce the release and immediate availability of version
0.4.2 of Apache Libcloud (“libcloud”).</p>
<p>Apache Libcloud is a pure python client library for interacting with
many of the popular cloud server providers. It was created to make it
easy for developers to build products that work between any of the
services that it supports.</p>
<p>Apache Libcloud is available for download from:
<a href="http://incubator.apache.org/libcloud/downloads.html">http://incubator.apache.org/libcloud/downloads.html</a>.</p>
<p>Major changes since the previous release:</p>
<ul>
<li>New drivers for CloudSigma, Brightbox, Rackspace UK</li>
<li>Improvements to deployment capabilities</li>
<li>libcloud.security module for SSL certificate verification, see
http://wiki.apache.org/incubator/LibcloudSSL</li>
</ul>
</div>
<div class="row section post-meta">
<div class="col-md-12 post-tags">
<p>Tags: <a href="/blog/tags/news.html" rel="tag">news</a>, <a href="/blog/tags/release-announcement.html" rel="tag">release announcement</a>, <a href="/blog/tags/security-release.html" rel="tag">security release</a></p>
</div>
</div>
</div>
</div>
</div>
<hr />
<footer>
<div class="row">
<div class="col-lg-12 text-center">
<div class="footer-links">
<p><a href="http://www.apache.org/licenses/">License</a> | <a
href="/security.html">Security</a> | <a
href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a> |
<a href="http://www.apache.org/foundation/thanks.html">Thanks</a> |
<a href="https://www.apache.org/events/">Events</a> |
<a href="/credits.html">Credits</a> | <a href="/media.html">Media</a>
</div>
<div class="footer-text">
<p><a class="acevent" data-format="wide"></a></p>
<p class="">Copyright &copy; 2009-2023 <a href="https://www.apache.org/" target="_blank">The Apache Software Foundation</a></p>
<p class="">Apache Libcloud, Libcloud, Apache, the Apache feather, and the Apache Libcloud project logo are trademarks of the Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
<p class="">Site last updated on 2023-09-09 21:33:21 +0000</p>
</div>
</div>
</div>
</footer>
</div><!-- /.container -->
<!-- JavaScript -->
<script src='/assets/global-20157a00c0e17a775f45ed99ccdf79d7.js' type='text/javascript'></script>
<script type="text/javascript">
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before
"trackPageView" */
/* We explicitly disable cookie tracking to avoid privacy issues */
_paq.push(['disableCookies']);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="https://analytics.apache.org/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '7']);
var d=document, g=d.createElement('script'),
s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<script src="https://www.apachecon.com/event-images/snippet.js"></script>
</body>
</html>