Resolved Issues in 6.10.4

A complete list of solved issues for 6.10.4 can be found in the project development portal.

The following new features have been backported to 6.10.4:

• Add support of using defined timezone by oneacct utility with flag -t/–timezone.

• Console logging for LXC Driver.

• Add architecture and hypervisor scheduling requirements to public marketplaces public marketplaces

The following new features have been backported in the Sunstone Web UI to 6.10.4:

• Update backup configuration on a virtual machine.

The following issues has been solved in 6.10.4:

• Fix a bug when Restic passwords include quotes.

• Fix onevrouter instantiate command prompts for user input unnecessarily.

• Fix user-input option for CLI to support values containing commas and equal signs.

• Fix VM migration not executed on vCenter when src host ID is 0.

• Fix VNet instance doesn’t update BRIDGE_TYPE, when VN_MAD is updated.

• Fix oneacl rules not being cleaned-up after removing a group admin.

• Fix vGPU profile monitoring for legacy mode.

• Fix README.md links to old paths.

• Fix a silent LXC container start fail.

• Fix the use of hardcoded DNS for linuxcontainers marketplace.

• Fix Restic backup driver when the server is not deployed together with the frontend.

• Fix resource names to not allow special characters ‘\t’, ‘\n’, ‘\v’, ‘\f’, ‘\r’.

• Fix HA in case of wrong SQL query.

The following issues have been solved in the Sunstone Web UI:

• Fix ability to add and remove existing users to existing groups and change main group from an user. In order to add, remove or change main group from and user, please see Changes in Configuration Files section below.

• Fix image upload not working.

• Fix Sunstone has issues with Disk IDs when updating boot order.

Security Advisory: VLAN Trunking Exposure via VLAN_TAGGED_ID

A security issue has been identified when using OpenvSwitch with VLAN Trunking enabled. The VLAN_TAGGED_ID attribute allows users to specify a range of VLANs accessible from their virtual NIC. If not properly restricted, non-privileged users can exploit this attribute (e.g., by setting VLAN_TAGGED_ID = 1-4096) to gain access to all VLANs available on the OpenvSwitch bridge, potentially exposing critical network segments. To mitigate this risk, it is strongly recommended to restrict this attribute by adding the following line to the oned.conf configuration file:

VM_RESTRICTED_ATTR = "NIC/VLAN_TAGGED_ID"

Changes in Configuration Files

Since version 6.10.3 the following changes apply to OpenNebula services configuration files:

Warning

The following attributes are not included in the configuration files distributed with 6.10.4. If you wish to use these attributes, add them manually to the corresponding file.

FireEdge Service

Config file	Description	Action	Values
group-tab.yaml	New attribute: info-tabs.user.actions.add_users	Sets the ‘Add user’ button in Groups page	true, false
group-tab.yaml	New attribute: info-tabs.user.actions.remove_users	Sets the ‘Remove user’ button in Groups page	true, false
user-tab.yaml	New attribute: info-tabs.group.actions.add_to_group	Sets the ‘Add to group’ button in Users page	true, false
user-tab.yaml	New attribute: info-tabs.group.actions.remove_from_group	Sets the ‘Remove from group’ button in Groups page	true, false
user-tab.yaml	New attribute: info-tabs.group.actions.change_primary_group	Sets the ‘Change primary group’ button in Groups page	true, false