Related Vulnerabilities: CVE-2018-11627 CVE-2018-11627 CVE-2018-11627

Source

Synopsis

Moderate: CloudForms 4.7 security, bug fix and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for CloudForms Management Engine 5.10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

rubygem-sinatra: XSS in the 400 Bad Request page (CVE-2018-11627)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

Red Hat CloudForms 4.7 x86_64

Fixes

BZ - 1082155 - [RFE][S-3] Common settings for appliances in the same zone should be inherited from the region
BZ - 1090627 - [RFE][L-8] Copy EVM-Super_administrator role does not actually copy all permissions
BZ - 1090957 - [RFE][M-5] LifeCycle/Migrate VM does not support VMware Folder relocation
BZ - 1164306 - [RFE][M-5] need script to export custom buttons
BZ - 1212947 - [RFE] Openstack discovery UnderCloud Only
BZ - 1314871 - [RFE][M-5] Single E-mail Variables Location
BZ - 1318353 - [RFE][M-5] create custom operational alerts in cloudforms for failed/invalid logins
BZ - 1326992 - [RFE][XS-2] Increase Retirement Granularity to Day and Time
BZ - 1339398 - [RFE][M-5] change the AWS endpoint URL
BZ - 1344589 - [RFE][S-3] Export / Import Analysis Profiles for use with Control and Compliance Profiles
BZ - 1353037 - [RFE][S-3] Allow CloudForms to use only attribute "groupMembership" for LDAP
BZ - 1390456 - CloudForms displays incorrect floating IP quota for OpenStack tenants
BZ - 1391095 - [RFE][L-8] Replication does not support HA
BZ - 1392342 - [Beta 2] In OpenStack Provider Properties, when using Provider Region, there are 2 field called Region
BZ - 1394217 - [ALL LANG] Cloud Intel - Reports - Schedules 'Add a new Schedule' has untranslated entry
BZ - 1394263 - UI: No gap in Drop-Down's while creating Condition
BZ - 1399378 - Infrastructure provisioning template selection screen includes "Hide deprecated" checkbox and "Deprecated" column which only apply to cloud provisioning
BZ - 1417215 - inappropriate value type in json communication to openstack liberty during provisioning
BZ - 1418080 - After failing back over to a reintroduced node $APPLIANCE_PG_SERVICE shows as failed and appliance_console info shows Local Database Server: initialized and stopped
BZ - 1426390 - Automate Simulation copy to Button doesn't work
BZ - 1428003 - Issue with Image/template Select during provision
BZ - 1428536 - VM Chargeback Preview Report needs better formatting
BZ - 1428584 - Remove search box on Switch summary page
BZ - 1428797 - some of events appear in timelines w/o "source vm"
BZ - 1434762 - [RFE][M-5]Changes in evm.log & audit.log
BZ - 1434918 - Orphaned Rows in vim_performance_states not being purged
BZ - 1435780 - invalid values supplied when creating new policies using /api/policies doesn't result in error
BZ - 1441326 - [RFE] Remove empty C&U memory graph for EC2 Availability zones for hourly interval
BZ - 1441353 - Automate State machine not honoring MIQ_STOP properly
BZ - 1442702 - UI: After "Edit Tags" for Network Ports navigating to Networks Provider page.
BZ - 1444520 - Slow Redirection when adding cloud keypair
BZ - 1445932 - [RFE] Automating the generation of widget content
BZ - 1448683 - Missing flash message / any notification to user deleting cloud tenant
BZ - 1450008 - SmartState Analysis on Virtual Machine throwing error in evm.log
BZ - 1451300 - [Ansible Embedded][Services][Multi-Tenancy] - Multiple catalogs with the same name in the dropdown menu
BZ - 1460263 - shutdown_and_exit messages get marked as error and never removed from miq_queue table
BZ - 1460992 - Selected switch not highlighted on Accordion
BZ - 1463555 - rhsm subscription broken if 'register to' is set to sat6
BZ - 1468252 - Incorrect error message when trying to login to appliance with 'web services' role disabled
BZ - 1468339 - [RFE][L-8] Integration with external Ansible Tower Workflows
BZ - 1468795 - [RFE] tenant_administrator role can modify quotas of his own Tenant
BZ - 1469151 - erroneous behavior of spinner and spinner box in advanced search loading
BZ - 1469372 - [Text] [VM Provision] - 'Virtual Machine %{subject} has been provisioned.'
BZ - 1470754 - No check before deletion of router which can't be deleted
BZ - 1471948 - heat client doesn't populate correctly the "files" parameter
BZ - 1472279 - [RFE] expand the api to provide more information related to infrastructure providers
BZ - 1474511 - CPU / Memory and CPU usage / Memory Usage use inconsistent data
BZ - 1475303 - Text Injection possible
BZ - 1475891 - [Authentication] Rename Get Roles from Home Forest
BZ - 1476327 - provider type not checked when creating authentications, fails with undefined method `id' for nil:NilClass
BZ - 1478889 - [genealogy] CFME not detecting parent VM with Azure provider
BZ - 1481840 - Services Requests not showing all requests from 30 days
BZ - 1482905 - Unable to add Long Description for Playbook based Catalog Items
BZ - 1486362 - [RFE] Add API call for container scanning via SmartState
BZ - 1486658 - Default Container Image Rate can be deleted
BZ - 1486695 - Multiple notifications when embedded ansible role fails to start
BZ - 1487142 - [RFE] Add a OpenStack Provider Dashboard in Cloud (overcloud)
BZ - 1487234 - Volume Deletion Button Method Not Define
BZ - 1488579 - [upstream] : dynamic dropdown list can be created without providing entry point in new dialog editor
BZ - 1490979 - [RFE] With CF generated keypairs for OSP, you are unable to download the Private key
BZ - 1491387 - HTML5 Remote Console: CTRL+ALT+DEL button Error: "ReferenceError: sc is not defined"
BZ - 1491772 - Ansible Tower: Service can be created/ordered without selecting Tower provider from dropdown list
BZ - 1493788 - it's possible to add multiple shopping carts for the authenticated user
BZ - 1494359 - [UPSTREAM] Unexpected error while deleting network router of cloud tenant
BZ - 1494589 - reports of the count of vms by cloud tenant are off (openstack)
BZ - 1495265 - [RFE] HOST_FAILURE events should be exposed in Control/Alerts
BZ - 1495630 - [ALL_LANG] pagination label x-xx of xx is not localized
BZ - 1495829 - UI: Same icon used for multiple options on Cloud Tenants page
BZ - 1496838 - [PRD][RFE][Alerts] Add CloudForms Alerts for OpenShift Provider based on Hourly Timer
BZ - 1497061 - [RFE][XS-2] Tagging cloud network, subnets, flavors, availability_zones, routers and security_group using ReST APIs
BZ - 1498951 - [RFE][XS-2] Add Indian currency in cloudforms chargeback reports
BZ - 1499161 - If a container image SmartState Analysis fails, the image is still marked as compliant
BZ - 1500613 - [RFE][L-8] Add new region in drop down list as 'China' in Amazon EC2 Cloud provider
BZ - 1501031 - ui: Request text box should be empty when changed Button type "ansible_playbook" to default
BZ - 1501052 - Inconsistency between message when creating vs. deleting in dashboard widgets of Report
BZ - 1501098 - Service UI not taking 'user default' language
BZ - 1501114 - Custom Button icon is not disabled when button is disabled
BZ - 1501147 - 'Web Console' taking incorrect IP address
BZ - 1501996 - NOR doesn't use 30 days' worth of metrics
BZ - 1502778 - [RFE] Add Redux for State Management
BZ - 1502857 - Status inconsistency in Topology View for OpenStack provider
BZ - 1503660 - UI: Proper task name should be there when initiate Provider refresh.
BZ - 1504209 - Create and Restore from Backup missing from list of Cloud Volumes
BZ - 1505159 - AMQP flash message not showing properly [RHOS]
BZ - 1506634 - Group: 'All changes have been reset' duplication for page with tag expression
BZ - 1506685 - Group: Tag fields should be empty after selecting condition
BZ - 1506987 - Incorrect display of "Cloud Resource Quotas: Used"
BZ - 1507667 - [RFE][M-5] Ability to add and remove AWS volumes for an instance
BZ - 1507812 - [RFE] Expose the Pause/Resume Provider via API
BZ - 1507916 - OpenStack services on Host page were broken by UI refactoring
BZ - 1508490 - [RFE][M-5] Unable to show Automate Requests without Exposing Other Automate Tabs
BZ - 1509244 - Save and Reset button disable on Volume restore form Backup Detail page
BZ - 1511126 - [PRD][RFE][M-5] Ansible Next Gen - Ansible Reporting
BZ - 1511171 - [RFE][XL-13] External Tower Provider - Selectively enhance with items recently added with Ansible Inside Enhancements
BZ - 1511214 - EmsRefresh.update_relats_by_ids error for 'base_class' for deleted VM
BZ - 1511376 - [RFE] Delete Datastores via ReST API
BZ - 1512399 - Dropdown element UI issues .
BZ - 1512443 - The name on the accordion doesn't match with name of title of configuration page
BZ - 1512480 - Their is an extra page on start page options on setting page.
BZ - 1513086 - Openstack instances have no cores but have multiple sockets
BZ - 1513520 - [RFE][M-5] Support AWS S3 for CFME Backups
BZ - 1513616 - Cloning repositories in Embedded Ansible within CFME without trusted SSL certificates leads to silent failure of project
BZ - 1516836 - Edit page of custom button group's title ends with "MiqTemplate|"
BZ - 1516895 - Inconstancy between addition vs. deletion messages of Analysis Profiles and Schedules
BZ - 1518304 - Events endpoint is not shown for Network Provider
BZ - 1518630 - When adding or updating an OpenStack Volume Name, Provider or target refresh is not executed
BZ - 1518867 - When no image uploaded for Catalog Item, a 'T' is displayed in UI
BZ - 1518926 - Inconsistent capitalization for Retirement State field
BZ - 1519341 - Import/Export for Custom Reports Dialog has an unusable scroll bars
BZ - 1520930 - [RFE] Newly created ec2 key pair is not downloadable
BZ - 1523281 - Alert editing screen has a redundant horizontal line
BZ - 1524309 - Repetitive storage volume deletion gives unexpected error
BZ - 1525188 - Lenovo host status icon does not display correctly (image size)
BZ - 1525237 - Tag filter missing from Physical Infrastructure Topology view
BZ - 1525546 - My Orders line items should expand/collapsse when clicking anywhere on the line
BZ - 1525883 - [ALL_LANG] CFME SSUI My Orders - Oder page has untranslated entries
BZ - 1525922 - [ALL_LANG] User Icon - Configuration - Access Control : 'Add new group' and 'Add new role' translation issues
BZ - 1525926 - [ALL_LANG] Help Icon - About : Red Hat Customer Portal needs translation
BZ - 1525954 - [ja_JP] Cloud Intel - Reports - Dashboard widgets - All Widgets - Reports page title needs correction
BZ - 1525973 - [ALL_LANG] Compute - Containers - Projects dashboard page has untranslated entries
BZ - 1526472 - 404 Error when trying to edit VM Template Ownership
BZ - 1526495 - [RFE] Requests link in Compute->Infrastructure Vertical Nav
BZ - 1526553 - [ALL_LANG] CFME UI : some page titles are not localized
BZ - 1527681 - [RFE][M-5] Consolidated chargeback report in global region for same tenant name across multiple subregions
BZ - 1530259 - Manage policies button not yet implemented for Container Images
BZ - 1530345 - Storage Volume Attached to suspended VM flash shows JSON info.
BZ - 1530948 - [QEDevCollab] Delete Advanced Search Filter via REST
BZ - 1530952 - [QEDevCollab] Queue Chargeback Report via REST API
BZ - 1530953 - [QEDevCollab] Get Current Server Time via REST API
BZ - 1531117 - EC2 items with empty Name tag have no name/id displayed
BZ - 1531910 - [RFE] Add eu-west3(Paris) to default ec2 regions
BZ - 1532201 - RHSM validate/save fails to save settings correctly if you click register too fast.
BZ - 1532244 - Unable to get cloud_tenant value through service dialog
BZ - 1533063 - [ALL_LANG] Optimize - Bottlenecks : Bottlenecks Summary page has untranslated entries
BZ - 1533093 - [ALL_LANG] Compute - Containers - Container Images : image summary page has untranslated entries
BZ - 1533284 - Remove 'Include C&U metrics' option for Metering Reports
BZ - 1533671 - Remove 'Storage Total' field from Chargeback Preview reports
BZ - 1533728 - [RFE][L-8]Ability to attach ISO in UI dropdown for VMware vSphere
BZ - 1535177 - [RFE][M-5] "Out of memory worker exceeded" verbosity for end user
BZ - 1535179 - [RFE][S-3] CloudForms UI log collection to have option to collect automate model & service dialogs
BZ - 1535229 - [RFE] Retirements Need a Unique Service ID in Logs and Web UI
BZ - 1535237 - [RFE][S-3] Log the Worker ID of the Previous Appliance/Process that Executed an Automate Task
BZ - 1535345 - [RFE][S-3] Include option to take database dump from appliance_console menu
BZ - 1536144 - [RFE] [Ansible Embedded] - Data in 'Updated on' column are not changing after repo refresh
BZ - 1536452 - Advanced search present in Config mgmt Providers page
BZ - 1536524 - [RFE][M-5] Need a way to change adv config settings on other appliances via the UI
BZ - 1536625 - Filters saved in workloads are not displayed until page refresh
BZ - 1536711 - Inconsistent units for disk size for Azure instances
BZ - 1537493 - [QEDevCollab] Components in add new automate domain form causing test automation failures
BZ - 1538058 - [RFE] RabbitMQ durable queues lead to fail of event handler for OpenStack AMQP
BZ - 1538087 - [ALL_LANG] Notification Icon : untranslated entry
BZ - 1538109 - [ALL_LANG] User Icon - Configuration - Settings - CFME Region: Region xx[xx] - Tags - Import Tags : text truncation issue
BZ - 1538825 - [RFE] Add further checks when validating OpenStack Platform Director providers
BZ - 1539370 - remove container statuses table from pod summary page
BZ - 1539379 - [RFE] add API to assign alert profiles to the enterprise
BZ - 1540254 - unable to access the metric_rollups subcollection
BZ - 1540283 - Some of EC2 security groups record values are not displayed correctly
BZ - 1540684 - [RHOS][UI] - Physical Network field visible for all types of networks
BZ - 1540692 - [UI][RHOS][RFE] - Show only supported provider network types in dropdown list
BZ - 1540894 - API: edit action is repeated in response of GET custom button
BZ - 1542907 - Custom button dialog submission/cancellation hides seachbar and accordion bar from redirected cloud tentant page
BZ - 1543289 - Started column showing the same date as in Queued column in Tasks table
BZ - 1544317 - Error in evm log when clicked on Download pdf button of Template
BZ - 1544344 - Storage Volume Status problem
BZ - 1544854 - Setup fails for HA standby node using appliance_console_cli
BZ - 1545147 - While creating SNS topic exception in log
BZ - 1545296 - View selector of All Generic Objects page not working except default
BZ - 1545322 - Metrics capture logs errors for NetworkPort without ems_ref on Undercloud Network provider
BZ - 1545401 - [RFE][S-3] Report admin role for reporting access
BZ - 1545520 - domain id flash message with JSON
BZ - 1545835 - wrong generic object definition toolbar when details displayed
BZ - 1546864 - Remove vim_performance_tag_values table
BZ - 1547740 - [RFE] Deleting a cloud provider does not clean up associated cloud tenant and group.
BZ - 1549076 - [RHV] VM reconfigure dialog: Disks table: Delete backing, Bootable yes/no buttons are split.
BZ - 1549123 - Targeted refresh targets can grow unbounded causing Postgres InternalError
BZ - 1549658 - [RFE] Support RestAPI Primary Collection for Container Pods
BZ - 1550008 - [RFE] - CFME storage - add an option to create a new volume choosing disk type
BZ - 1550493 - Advanced Search present in Ansible Tower Providers page
BZ - 1550641 - Report Menus Editor: Selected node in the tree is not displayed as selected inside editor, tree should be disabled during edit
BZ - 1551273 - [RHV] Smart state analysis task succeed, however the packages are not collected for the CFME VM.
BZ - 1552064 - [RFE] - Button overflow at all custom button object types after multiple buttons added on screen
BZ - 1553157 - Cannot delete multiple Policies
BZ - 1553833 - [RFE][M-5] Dynamic sysprep provisioning parameters for rhv deployments through cloudforms
BZ - 1554809 - Notification Drawer size is not responsive on SSUI
BZ - 1557363 - The "Total memory (mb)" property is displaying the amount in gigabytes instead of megabytes
BZ - 1557968 - Non-navigatable page available in start at login drop down
BZ - 1558620 - GTL toolbar missing for Block Storage Managers
BZ - 1559184 - [RFE][L-8] Ability to rename VMs from UI
BZ - 1559422 - Edit and Save of Satellite Provider doesn't return to All Configuration Manager Providers page
BZ - 1559957 - Cannot Remove the VMRC Console Credentials from VMware Provider
BZ - 1560479 - custom css file cleared after upgrade/update
BZ - 1560527 - Restricted user get 'Cannot read property 'href' of undefined' while adding credentials
BZ - 1560530 - [Ansible Tower] - fix typo in flash message
BZ - 1560535 - Add repository, Create service item: not available for restricted user
BZ - 1560679 - Satellite provider name change is not updated in accordion
BZ - 1560691 - C&U collection throws exceptions for VMs getting archived
BZ - 1561160 - SUI: Incorrect 'Available' value for CD/DVD on VM Details page
BZ - 1561167 - [RFE][S-3] Excluding 'Last Analysis' field from Drift Workload Section
BZ - 1561180 - upstream : Unable to add openshift provider with metrics ON as metrics validation never enables.
BZ - 1561609 - [RFE][S-3] Display the VMware PortGroup attached to a specific VM/instance
BZ - 1561627 - OpenStack Infra with bad credential flash shows JSON
BZ - 1561646 - RFE - Azure Provider - Blacklist deployments_exportTemplate events
BZ - 1561698 - When logged in as non-admin user, access control role name updates are not updated in the Access Control accordion until after a manual refresh
BZ - 1561937 - Targeted refresh not working for ec2 ebs snapshots
BZ - 1561959 - [RFE][S-3] Add OpenSCAP Title and CVE references into CloudForms database
BZ - 1562062 - Newest EC2 t2 instance types are missing in CFME
BZ - 1562828 - When creating a new user with a mismatched password, incorrect "Name/Userid can't be blank" message is also displayed
BZ - 1562956 - All replication operations should be queued
BZ - 1563311 - After selecting filter basic search is cleared in datastores
BZ - 1563316 - Control explorer policies search clear button not working correctly
BZ - 1563867 - [RFE] Need safer way to control which hosts are used for running an Ansible Job Template from CloudForms.
BZ - 1564199 - Wrong default value for "Run" field on Editing Widget screen
BZ - 1564495 - Quota - Azure requested storage value differs from flavor image and from provisioned VM storage.
BZ - 1565019 - Subnet cidr field is not marked as required when adding a new subnet
BZ - 1565208 - Reporting worker logs error when generating or displaying Guest OS Information widget report
BZ - 1565235 - Support Custom buttons for more object types
BZ - 1565266 - RBAC-related warnings logged when viewing Satellite provider in web UI
BZ - 1565620 - [RFE] [Lenovo] Improve hostname validation
BZ - 1565621 - [RFE][Lenovo] Parsing disk capacity of the physical server
BZ - 1565628 - [RFE][Lenovo] Change the way that network device details are displayed
BZ - 1565629 - [RFE][Lenovo] Showing authentication status in Physical Provider list
BZ - 1565631 - [RFE][Lenovo] Implementing change password view
BZ - 1565634 - [RFE][Lenovo] Adding Rack to provider's topology
BZ - 1565635 - [RFE][Lenovo] Create a Rack list and Rack page
BZ - 1565636 - [RFE][Lenovo] Create a toolbar for PhysicalRack
BZ - 1565637 - [RFE][Lenovo] Adding switches list page
BZ - 1565640 - [RFE][Lenovo] Adding switches show page
BZ - 1565642 - [RFE][Lenovo] Add physical server dashboard widgets
BZ - 1565763 - [VMWare]Sysprep customization doesn't start
BZ - 1565791 - [RFE] [Azure] Sysprep Windows Templates
BZ - 1566615 - Unable to use special characters in HTTPS proxy field when adding/validating container provider
BZ - 1568073 - Custom service attribute does not show in the ops UI
BZ - 1568077 - Retirement: Remove resources switches switches back to "no" if ansible is used for retirement
BZ - 1568687 - Incorrect type description for RHV credential
BZ - 1568805 - [RFE] Use our own Ruby instead of relying on the one in SCL
BZ - 1569437 - [RFE][PRD][XL-13] V2V: From Vmware to OpenStack
BZ - 1569452 - [RFE][PRD][S-3] Google Cloud backup of Cinder
BZ - 1570044 - [RFE][PRD][KubeVirt] Detect/Add CNV Provider from CloudForms
BZ - 1570121 - [RFE][PRD][KubeVirt] View VM from CloudForms
BZ - 1570123 - [RFE][PRD][KubeVirt] Power management of the VM in CloudForms
BZ - 1570128 - [RFE][PRD][KubeVirt] Create VM from template in CFME
BZ - 1570561 - [RFE][PRD] Support for Ansible 2.6
BZ - 1571223 - [upstream][v2v] Manage IQ performs slowly over remote site
BZ - 1571610 - [RFE][PRD] As an operator, I want to see all cabinets (chassis enclosures).
BZ - 1571614 - Service 'Order' button is colored Gray (Looks inactive).
BZ - 1572350 - [RFE] Allow custom session logging size when generating reports to prevent WARN statements unnecessarily
BZ - 1572376 - [RFE] Support for Microsoft Azure Germany and compatibility
BZ - 1572793 - Frequent "AH01574: module ssl_module is already loaded, skipping" in journal
BZ - 1573566 - [RFE][Lenovo] Adding ability to parse switch details in the Lenovo Provider
BZ - 1573568 - [RFE][Lenovo] Adding ability to parse expanded PCI device and embedded device details
BZ - 1573570 - [RFE][Lenovo] Adding ability to parse blade chassis details
BZ - 1573572 - [RFE][Lenovo] Adding ability to parse storage adapter details
BZ - 1573574 - [RFE][Lenovo] Adding ability to parse storage adapter details firmware
BZ - 1573575 - [RFE][Lenovo] Adding ability to parse physical rack details
BZ - 1573576 - [RFE][Lenovo] Adding ability to parse physical network device vlan and port details
BZ - 1573578 - [RFE][Lenovo] Add a physical rack to the topology
BZ - 1573580 - [RFE][Lenovo] Adapt Network devices page to new ports relationship
BZ - 1573581 - [RFE][Lenovo] Add a dashboard view for the physical infra provider
BZ - 1573591 - [RFE][Lenovo] Create a REST API for configuration pattern deployment
BZ - 1573594 - [RFE][Lenovo] Create a REST API to retrieve configuration pattern
BZ - 1573596 - [RFE][Lenovo] Create a REST API to retrieve chassis details
BZ - 1573607 - [RFE][Lenovo] Create a REST API for storage adapter details
BZ - 1573614 - [RFE][Lenovo] Add ability to parse firmware compliance details
BZ - 1573616 - [RFE][Lenovo] Add ability to show resource firmware compliance details
BZ - 1574029 - CFME image for EC2 is not booting when using newer instance types(c5): dracut-initqueue: Warning: Could not boot.
BZ - 1574403 - 404 Not Found: When dialog submitted via custom button from datastore object with method and dialog both attached
BZ - 1574444 - vm.storage only returns one storage id instead of list of storage ids that are associated with VM object.
BZ - 1574488 - Remote console popup is being stored in the session
BZ - 1574638 - Refresh button is displayed in request page
BZ - 1574808 - [RFE][PRD] As an operator, I want to see all systems
BZ - 1574809 - [RFE][PRD] As an operator, I want to be able to navigate between cabinets and systems
BZ - 1574810 - [RFE][PRD] As an operator, I want to see the physical resources of a system (such as CPU, RAM)
BZ - 1574813 - [RFE][PRD] As an operator, I want to be able to check the current status of all systems
BZ - 1574816 - [RFE][PRD] As an operator, I want to be able power on a system
BZ - 1574817 - [RFE][PRD] As an operator, I want to be able to power off a system
BZ - 1574818 - [RFE][PRD] As an operator, I want to be able to reboot a system
BZ - 1574820 - [RFE][PRD] As an operator, I want to be able turn on system LED
BZ - 1574821 - [RFE][PRD] As an operator, I want to be able to turn off a system LED
BZ - 1574828 - [RFE][PRD] As an operator, I want to be able to enable event catcher service for Redfish provider
BZ - 1574829 - [RFE][PRD] As an operator, I want to be able trigger automation methods based on received events
BZ - 1574830 - [RFE][PRD] As an operator, I want to be able see the events on the provider's timeline
BZ - 1575773 - Azure targeted refresh: VM remains in inventory after delete event received
BZ - 1576457 - [RFE] Add configuratble vhost to AMQP monitor
BZ - 1576561 - [RFE] Use VMware WaitForUpdates directly to save inventory
BZ - 1576922 - Persistent Volumes Report outputs Capacity in hash
BZ - 1576984 - [RFE] Advanced settings - ability to reset to default value, delete newly added keys
BZ - 1578792 - SSA performed on RHEL VM counts duplicate services
BZ - 1579031 - Fix servicetemplateprovisionrequest_denied approver_href method.
BZ - 1579753 - Quick search part of the title from different view is displayed on Flavor Summary page
BZ - 1579934 - xClarity: Error while execute refresh of a provider with invalid credentials
BZ - 1581288 - [RFE] Service Dialogs - Calculate Quota for instance_type dialog override.
BZ - 1581652 - [RFE][AZURE] List of available regions available for subscription
BZ - 1582212 - [RFE][Lenovo] Adding Physical Switches support to the API
BZ - 1583017 - [RFE] Display the Virtual NIC Driver information attached to a specific VM/instance
BZ - 1583175 - Save button still enabled if no change while editing Chargeback Rate
BZ - 1583754 - [RFE] Snapshot field for EC2 instances non-functional
BZ - 1584172 - [Upstream] Unexpected error on requests page
BZ - 1585218 - CVE-2018-11627 rubygem-sinatra: XSS in the 400 Bad Request page
BZ - 1585569 - UI: Cockpit- Access denied error after clicking on Cloud Intel Menu
BZ - 1585689 - [RFE][Lenovo] Setting different colors for physical infra components on topology view
BZ - 1586176 - [RFE][XS-2] Include file splitting for dumps/backups in appliance_console menu
BZ - 1586186 - [RFE][XS-2] Include table exclusions for database dumps in appliance_console menu
BZ - 1586187 - [RFE][S-3] Allow database dumps/backups to be uploaded to an FTP target
BZ - 1588072 - [RFE] Client-side printing/export to PDF to support angular/react components
BZ - 1588189 - [RFE] Provider operations with playbooks - create run_ansible_queue method in core
BZ - 1589009 - Duplicate groups listed when setting ownership for multiple vms
BZ - 1589065 - Forbidden to read the project: admin, for collection type: stack
BZ - 1589261 - [RFE] Provider operations with playbooks - pluggable UI for button that can be defined by provider dev and lives with the provider repo
BZ - 1589265 - [RFE][v2v] V2V should differentiate whether logs are moved or not generated
BZ - 1590288 - [RFE] Add EC2 M5d and C5d instance types to CFME
BZ - 1590440 - [RFE][L-8] Integration with external Ansible Tower Workflows - Backend
BZ - 1590441 - [RFE][L-8] Integration with external Ansible Tower Workflows - UI
BZ - 1590764 - Button group is shown in self-service portal even when no buttons or rights are assigned
BZ - 1590840 - [RFE] Ansible Tower - Link to playbook logging returned to service
BZ - 1590844 - [RFE] Ansible Tower - Link to playbook execution data
BZ - 1590975 - [RFE][L-8] Integration with external Ansible Tower Workflows - Automate
BZ - 1592573 - Default dialog entries not localized when ordering catalog item in French
BZ - 1592891 - [RFE] [V2V] Extend the virt-v2v-wrapper for OpenStack
BZ - 1592897 - [RFE] [V2V] Set OpenStack conversion VM tags in CF for VM identification
BZ - 1592898 - [RFE] Collect Cinder volume types and display it in CloudForms
BZ - 1592900 - [RFE] [V2V] Add Cinder volume types to CF OpenStack provider
BZ - 1593663 - cannot add rhos provider with amqp settings. credential validation fails with error "undefined method `strip' for nil:NilClass"
BZ - 1593760 - [RFE] Make cards on the top of Migration page clickable
BZ - 1594196 - [v2v][RFE] Ability to limit the number of concurrent migrations (throttling)
BZ - 1594469 - Dialog options are missing when using a custom button and dialog on GenericObject instance
BZ - 1594757 - [RFE] non-admin user can't see requests under /api/requests
BZ - 1595149 - dro.destroy: not removed from service
BZ - 1595583 - Number of instances shows one more than actual value in Networks>subnets
BZ - 1596136 - User with Edit Tags for Catalog Items unable to Edit Tags and No Error shown
BZ - 1596143 - [v2v] vm name with punycode international characters fails while migration
BZ - 1596172 - [Ansible Embedded][UI] - Footer will disappear from Playbooks page after clicking on 'Download as ...'
BZ - 1596266 - [RBAC] - Groups created by tenant admin are not visible to tenant admin
BZ - 1597802 - Mislabeled entries for Dropdown element in Dialog Editor
BZ - 1597914 - [RFE] Support Custom buttons for more object types (See description for list)
BZ - 1599798 - [RFE] Provider operations with playbooks - Use ansible-runner instead of ansible-playbook
BZ - 1599868 - [RFE] - ability to edit an existing migration plan
BZ - 1599997 - [RFE] Update WeightedUpdateStatus to handle task cancellation and cleanup
BZ - 1600678 - Flavor: Toolbar buttons do not work when viewing list of instances for a specific Flavor
BZ - 1601523 - orchestration link mismatch
BZ - 1601590 - Incorrect chargeback metric values displayed for recently created vsphere vm
BZ - 1602136 - [RFE] Raise event in CloudForms when new external logins are auto-created for the first time
BZ - 1602413 - error 403 trying to use action refresh on a provider as non-admin user with api and refresh permissions granted
BZ - 1602848 - When double clicking save, breaks service dialog
BZ - 1602883 - Custom Buttons - When using protected fields, variables are not decrypted when passed to playbook
BZ - 1605210 - Unable to create an operational RHV provider using the REST API.
BZ - 1608554 - When a role has Operate on Service Requests, shows all requests in UI but not API
BZ - 1609564 - [RFE] Set flavor access to project
BZ - 1609905 - Debug logging spams evm.log with deprecation warnings
BZ - 1609924 - [RFE] Multi-level dependency resolving with embedded method
BZ - 1610299 - [RFE] Provide ability to supply dashboards for specific group
BZ - 1610768 - [RFE] Include latest version of python-ovirt-engine-sdk4 into the appliance
BZ - 1610798 - [RFE] Include latest version of ovirt-ansible-roles package and it dependencies into the appliance
BZ - 1612002 - Tasks in notification drawer is empty and not usable
BZ - 1613848 - [v2v][RFE] Option for setting concurrent migrations
BZ - 1614006 - CloudForms VMware OVA Appliance Displays Incorrect Operating System
BZ - 1614369 - [RFE] Service Dialog: Disable the 'Single value' switch in Tag Control when not applicable
BZ - 1614918 - [RFE] Create a tool to track requests to puma so that when users get 502 errors, the logs tell us exactly which request timed out
BZ - 1615444 - The /System/Request/ansible_tower_job instance still calls the deprecated /ConfigurationManagement/AnsibleTower/Operations/StateMachines/Job/default method
BZ - 1615488 - [RFE] Support OpenStack Swift for CFME Backups
BZ - 1616201 - Report view limit not working
BZ - 1618743 - Misleading wording in UI for editing domain(s)
BZ - 1618813 - [v2v] Text should be wrapped in popover properly
BZ - 1618844 - [v2v] Red Cross Symbol in front of Plan Name for Plan that is not even started
BZ - 1619298 - GCE instances not created preemptible
BZ - 1619678 - cloud network nor key pairs are eligible for MIQ Expression
BZ - 1619744 - Provisioning a VM on GCE produces errorneous requests
BZ - 1620161 - issuing vm_reconfigure disk_remove via rest-api FAILS (WORKAROUND AVAILABLE)
BZ - 1620228 - [RFE] [v2v] - Add CloudVolumeType to API
BZ - 1620287 - Service Dialog Create - TextArea Entry Point not displaying correct text
BZ - 1621888 - Cannot add Ansible Tower through API if using self signed cert
BZ - 1623072 - [RFE] Apply right-size recommendations during migration
BZ - 1623094 - [RFE] EC2 T3 instance types are missing in CFME
BZ - 1623862 - GCE provider doesn't respect the http_proxy configuration to connect to the remote
BZ - 1625320 - raise_retirement_event log message should include the requester information
BZ - 1626005 - Appliance won't start with database connection failure at seeding
BZ - 1627284 - Disk Size Filter for Report Only Allows Bytes as Size of Disk
BZ - 1628726 - [RFE] - Containers Overview page Status cards do not load without provider
BZ - 1629900 - [RFE][Lenovo] Add Storage unit detail with storage canister information
BZ - 1629903 - [RFE][Lenovo] Add overview page for all physical infrastructure providers
BZ - 1629905 - xClarity: LXCA events cause large increases in log/db size due to event collection
BZ - 1630801 - [RFE] Include latest Version of Python libraries: Bambou & vspk
BZ - 1632355 - [RFE] Add support for VMware to OpenStack migration
BZ - 1632844 - [NoMethodError]: undefined method `create_snapshot' for VM in Global Region
BZ - 1633526 - Virt-v2v is killed with SIGKILL instead of SIGTERM
BZ - 1634029 - Move Automate code for conversion hosts to backend
BZ - 1634673 - [RFE] Access reports based on roles
BZ - 1635026 - [RFE] cloud_ds_check.sh should include --max-time for curl, or TimeoutSec= in cloud-ds-check.service
BZ - 1636182 - [RFE] Add EC2 f1.4xlarge flavor to CFME
BZ - 1636547 - [RFE] Move appliance from apache module mod_auth_kerb to mod_auth_gssapi
BZ - 1637609 - Link in the alert for infrastructure provider leads to Containers Providers page with an error
BZ - 1638502 - Retirement Requester not populated after retirement
BZ - 1638508 - [RFE] Delete a Migration Plan
BZ - 1638527 - [RFE] Two Small Usability Enhancements to the Plan Details Page
BZ - 1638853 - [RFE] Edit an Infrastructure Mapping
BZ - 1640275 - [RFE] Remove Infrastructure Mappings from Overview Page
BZ - 1640279 - [RFE] A stray "0" character appears after the associated mapping name on a plan with no schedule
BZ - 1640362 - [RFE] Schedule button is disabled despite date/time picker showing valid selection
BZ - 1640594 - [RFE] Use migration plan status cards as selection controls
BZ - 1640718 - [RFE] Azure log is hard to read, no new lines, no logging level
BZ - 1640779 - [RFE] User wants to change the scheduled time of a migration plan
BZ - 1642175 - [RFE] Add sorting, filtering and pagination to Migration Plan list views
BZ - 1642464 - [RFE] Auto select displayed migration plans
BZ - 1642495 - [RFE] [Schedule Migration] Console error when editing a schedule that is less than 2 minutes in the future
BZ - 1643148 - All SCAP rules not applied after upgrading to RHEL 7.6
BZ - 1643290 - [RFE] [Code Cleanup] Deduplicate filter/sort/pagination elements into ListViewToolbar renderers
BZ - 1643610 - [RFE] Link directly from the Overview page to the Infrastructure Mappings page
BZ - 1644310 - Cannot add volume when navigated from ec2 block storage provider relationships
BZ - 1644351 - Quota for vm_reconfigure disk_remove fails sometimes
BZ - 1644802 - [RFE] Migration Plan list views no longer allow vertical scrolling
BZ - 1645168 - [RFE] [Edit Migration Plan] Allow changing the associated infrastructure mapping
BZ - 1645629 - [RFE] Add warning if Mapping changes when editing a plan
BZ - 1645714 - [RFE] [Code Cleanup] Incorporate filtering/sorting/pagination abstraction with PlanRequestDetailList
BZ - 1646657 - [RFE] filterFieldTypeMenu button should have unique `Name`
BZ - 1646905 - Quote not allowed in button name
BZ - 1647013 - Password field is locked and blank in log depot settings after changing log depot type
BZ - 1647234 - [RFE] [Code Cleanup] Incorporate filtering/sorting/pagination abstraction with PlanVmsList
BZ - 1649799 - Setting the memory threshold for the Refresh worker in the WebUI configures the wrong value in the configuration yaml
BZ - 1649806 - Validation for GCE Provider Returns No Success/Failure in ManageIQ Hammer 1-rc1
BZ - 1651241 - Emails not validated on Schedules and Alerts add/edit form
BZ - 1653169 - Update UI tooltip for Infrastructure Mapping warning icon
BZ - 1653709 - A user with the role operator can't view datastores through Provider page
BZ - 1653796 - widget description in the page title
BZ - 1654385 - [RFE] Add warning to mapping wizard when no OSP conversion hosts are present
BZ - 1654828 - [RFE] Remove unreliable links to product documentation
BZ - 1655012 - Custom roles are not updating with required changes in product feature tree
BZ - 1655163 - [v2v][RFE] Editing an OSP mapping with public networks causes errors in Networks step of mapping wizard
BZ - 1655174 - [v2v][RFE] Rename the "Overview" page to "Migration Plans"
BZ - 1656961 - [RFE] Settings: enforce a minimum of 1 migration per conversion host
BZ - 1663031 - Empty image appears next to fired alert on Monitor->Alerts->All Alerts page

CVEs

CVE-2018-11627

Moderate: CloudForms 4.7 security, bug fix and enhancement update

Synopsis

Type/Severity

Topic

Description

Solution

Affected Products

Fixes

CVEs

References

Vulmon Search

About

Products

Connect