Blog

Quick update about 0.13.3 release and DigitalOcean vulnerability

This is a quick update about the recent 0.13.3 security release and the DigitalOcean vulnerability.

DigitalOcean updated their blog post. The updated post says that scrubbing is now enabled by default for all the newly issued destroy requests:

All Destroys Default to Scrub

We have updated the destroy method to scrub on all destroys, both for web and API requests.

This means that no action is required on the client side and upgrading to 0.13.3 should not be necessary anymore.

References:

Libcloud 0.13.3 released

This release fixes a security issue with a potential leak of data contained on a destroyed DigitalOcean node. Only users who are using a DigitalOcean driver are affected.

Details about the vulnerability

DigitalOcean recently changed the default API behavior from scrub to non-scrub when destroying a VM without notifying the customers and API consumers.

Libcloud prior to this release doesn't explicitly send "scrub_data" query parameter when destroying a node. This means nodes which are destroyed using Libcloud are vulnerable to later customers stealing data contained on them.

This release fixes that by always sending "scrub_data" query parameter when destroying a DigitalOcean node.

If you are using a DigitalOcean driver, you are strongly encouraged to upgrade (or downgrade if you are using 0.14.0-beta3 beta release) to this release.

For more information, please see the Security page.

Download

Libcloud 0.13.3 can be downloaded from https://libcloud.apache.org/downloads.html

or installed using pip:

pip install apache-libcloud==0.13.3

It is possible that the file hasn't been synced to all the mirrors yet. If this is the case, please use the main Apache mirror - https://www.apache.org/dist/libcloud.

Upgrading

If you have installed Libcloud using pip you can also use it to upgrade it:

pip install --upgrade apache-libcloud==0.13.3

Documentation

Regular and API documentation is available at https://libcloud.readthedocs.org/en/latest/.

Bugs / Issues

If you find any bug or issue, please report it on our issue tracker https://issues.apache.org/jira/browse/LIBCLOUD. Don't forget to attach an example and / or test which reproduces your problem.

Thanks

Thanks to everyone who contributed and made this release possible!

Full list of people who contributed to this release can be found in the CHANGES file.

New low volume "announce" mailing list

In addition to our existing users (users@libcloud.apache.org), developers (dev@libcloud.apache.org) and commits (commits@libcloud.apache.org) mailing list, we now also have a new very low volume announce mailing list - announce@libcloud.apache.org.

The mailing list is moderated and will only be used for distributing important project announcements such as information about new releases and other important project updates.

You can subscribe to it by sending an email to announce-subscribe@libcloud.apache.org.

2013 in retrospect and a Happy New Year from the Libcloud team

Dear Libcloud users, developers and team members,

2013 is slowly coming to an end, and we would like to wish everyone a happy and successful new year!

Now it's also the time to look back at the things which have been accomplished, important events which have happened and some statistics for 2013.

Important Events and Milestones

Statistics

  • 197 new JIRA issues have been opened (total of 472). Out of those 197 issues, 138 are now marked as 'resolved'.
  • Github mirror stars: 331 (+65 YTD)
  • Twitter followers: 449 (+149 YTD)
  • Google+ page +1's: 1591
  • We had a total of 5 releases (0.12.1, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.14.0-beta3)
  • Combination of SVN and Git repository has had a total of 963 commits.

Sources

Numbers listed above have been retrieved on 26th of December, 2013 from the sources listed bellow:

Those numbers and numbers for the past years are also available in a semi machine readable format in a Google Spreadsheet.

Old retrospect blog posts

Thanks again to everyone for their contributions and lets make 2014 even better and more successful :)

New committer Brian Curtin joins our team

The Project Management Committee (PMC) for Apache Libcloud has asked Brian Curtin to become a committer and we are pleased to announce that they have accepted.

We are glad to have him as a committer. Everyone, please help us welcome him to the team :)

Source: mailing list.