[
https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435104#comment-16435104
]
ASF subversion and git services commented on CLOUDSTACK-10230:
--------------------------------------------------------------
Commit 91d98211496a482e6882acd6528f9b8dbeefe3bf in cloudstack's branch
refs/heads/master from [~rafaelweingartner]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=91d9821 ]
[CLOUDSTACK-10230] User should not be able to use removed “Guest OS type”
(#2404)
* [CLOUDSTACK-10230] User is able to change to “Guest OS type” that has been
removed
Users are able to change the OS type of VMs to “Guest OS type” that has been
removed. This becomes a security issue when we try to force users to use HVM
VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable by
any users in the cloud.
> User is able to change to “Guest OS type” that has been removed
> ----------------------------------------------------------------
>
> Key: CLOUDSTACK-10230
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rafael Weingärtner
> Assignee: Rafael Weingärtner
> Priority: Critical
>
> Users are able to change the OS type of VMs to “Guest OS type” that has been
> removed. This becomes a security issue when we try to force users to use HVM
> VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable
> by any users in the cloud.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
