www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tomaz Muraus <to...@apache.org>
Subject [ANNOUNCE] [SECURITY FIX] Apache Libcloud 0.13.3
Date Tue, 31 Dec 2013 14:45:20 GMT
Libcloud is a Python library that abstracts away the differences among
multiple cloud provider APIs. It allows users to manage cloud services
(servers, storage, load balancers, DNS) offered by many different providers
through a single, unified and easy to use API.

This is a security-fix only release. It fixes a security issue with a
leak of data contained on a destroyed DigitalOcean node. Only users who are
using a DigitalOcean driver are affected.

DigitalOcean recently changed the default API behavior from scrub to
when destroying a VM without notifying the customers and API consumers.

Libcloud prior to this release doesn't explicitly send "scrub_data" query
parameter when destroying a node. This means nodes which are destroyed using
Libcloud are vulnerable to later customers stealing data contained on them.

This release fixes that by always sending "scrub_data" query parameter when
destroying a DigitalOcean node.

If you are using a DigitalOcean driver, you are strongly encouraged to
(or downgrade if you are using 0.14.0-beta3 beta release) to this release.

More information is available on our "Security" page -


Libcloud 0.13.3 can be downloaded from

or installed using pip:

pip install apache-libcloud==0.13.3

It is possible that the file hasn't been synced to all the mirrors yet. If
is the case, please use the main Apache mirror -


If you have installed Libcloud using pip you can also use it to upgrade it:

pip install --upgrade apache-libcloud==0.13.3

Upgrade notes

A page which describes backward incompatible or semi-incompatible
changes and how to preserve the old behavior when this is possible
can be found at


Regular and API documentation is available at

Bugs / Issues

If you find any bug or issue, please report it on our issue tracker
Don't forget to attach an example and / or test which reproduces your


Thanks to everyone who contributed and made this release possible!

Full list of people who contributed to this release can be found in the
file <

View raw message