Resolved Issues in 6.10.4

A complete list of solved issues for 6.10.4 can be found in the project development portal.

The following new features have been backported to 6.10.4:

The following new features have been backported in the Sunstone Web UI to 6.10.4:

The following issues has been solved in 6.10.4:

The following issues have been solved in the Sunstone Web UI:

Security Advisory: VLAN Trunking Exposure via VLAN_TAGGED_ID

A security issue has been identified when using OpenvSwitch with VLAN Trunking enabled. The VLAN_TAGGED_ID attribute allows users to specify a range of VLANs accessible from their virtual NIC. If not properly restricted, non-privileged users can exploit this attribute (e.g., by setting VLAN_TAGGED_ID = 1-4096) to gain access to all VLANs available on the OpenvSwitch bridge, potentially exposing critical network segments. To mitigate this risk, it is strongly recommended to restrict this attribute by adding the following line to the oned.conf configuration file:

VM_RESTRICTED_ATTR = "NIC/VLAN_TAGGED_ID"

Changes in Configuration Files

Since version 6.10.3 the following changes apply to OpenNebula services configuration files:

Warning

The following attributes are not included in the configuration files distributed with 6.10.4. If you wish to use these attributes, add them manually to the corresponding file.

FireEdge Service

Config file

Description

Action

Values

group-tab.yaml

New attribute: info-tabs.user.actions.add_users

Sets the ‘Add user’ button in Groups page

true, false

group-tab.yaml

New attribute: info-tabs.user.actions.remove_users

Sets the ‘Remove user’ button in Groups page

true, false

user-tab.yaml

New attribute: info-tabs.group.actions.add_to_group

Sets the ‘Add to group’ button in Users page

true, false

user-tab.yaml

New attribute: info-tabs.group.actions.remove_from_group

Sets the ‘Remove from group’ button in Groups page

true, false

user-tab.yaml

New attribute: info-tabs.group.actions.change_primary_group

Sets the ‘Change primary group’ button in Groups page

true, false