Greetings Red Hat Partners, We are pleased to announce the general availability (GA) of Red Hat Certification 5.16 and its associated test suite package updates (listed below). This Red Hat Certification package update *is* an official release and should be used for all new Red Hat certification submissions. Successful results from the previous certification test suite will be accepted for a period of 90 days.
The updated Red Hat Certification packages listed below are available on the Red Hat Customer Portal at the following location: https://access.redhat.com/downloads/content/282/ redhat-certification-5.16-20180809.el7.noarch.rpm redhat-certification-backend-5.16-20180809.el7.noarch.rpm redhat-certification-openstack-5.16-20180809.el7.noarch.rpm redhat-certification-cloud-5.16-20180809.el7.noarch.rpm redhat-certification-baremetal-5.16-20180809.el7.noarch.rpm redhat-certification-hardware-5.16-20180809.1.el7.noarch.rpm redhat-certification-hardware-preview-5.16-20180809.1.el7.noarch.rpm redhat-certification-backend-5.16-20180809.el6.noarch.rpm redhat-certification-cloud-5.16-20180809.el6.noarch.rpm redhat-certification-hardware-5.16-20180802.el6.noarch.rpm redhat-certification-hardware-preview-5.16-20180802.el6.noarch.rpm This release includes enhancements and bug fixes as follows: 1. The protocol options are extended to include RoCE, SAS, and SATA when creating Red Hat OpenStack Platform Block Storage certifications. 2. Hardware certification adds support for 2.5Gbps and 5Gbps Ethernet speeds with the 2_5GigEthernet and 5GigEthernet tests. 3. Added individual function subtests (ib_read_bw, ib_send_bw, etc) to the InfinibandConnectionTest, RoCEConnectionTest, iWarpConnectionTest, and OmnipathConnectionTest tests. 4. Security updates and bug fixes for deploying redhat-certification on managed platforms covering: a. Login protection - Every resource is login protected now. b. Restrict root directory access on the web server - Limit set of files that can be directly accessed in web view. c. Restricted URL access - Testing and host management url resources are hidden or inaccessible in management configuration. d. Preventing direct object reference - http request parameter validations for restricting their scope, preventing an attacker from reading and writing arbitrary files in the system. e. Production-ready deployment based on application settings - Based on the mode of operation the application settings configure various environmental variables on the fly. Security Fix(es) - resource consumption in DocumentBase:loadFiltered (CVE-2018-10864) - https://access.redhat.com/security/cve/cve-2018-10864 - /download allows to download any file (CVE-2018-10869) - https://access.redhat.com/security/cve/cve-2018-10869 - rhcertStore.py:__saveResultsFile allows to write any file (CVE-2018-10870) - https://access.redhat.com/security/cve/cve-2018-10870 The complete changelog for each package may be found on the download page by selecting the package name followed by selecting the ChangeLog tab. If you encounter any problems, please file bugs against the "Red Hat Certification Program" product in Red Hat Bugzilla (https://bugzilla.redhat.com). Note that this may be a change for some users who are used to using the old "Red Hat Hardware Certification Program" product. We value your ongoing participation in Red Hat certification, software development, and testing efforts. Thank you for your continued partnership. If you have any questions or comments, please do not hesitate to contact your partner manager or engineering account manager. Regards, The Red Hat Certification Team -- Hwcert-announce-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/hwcert-announce-list
