[Hwcert-announce-list] Red Hat Certification 5.16, Test Suite Updates, and Updated Certification Workflow Site Available

[Engineering Partner Management]

Greetings Red Hat Partners,

We are pleased to announce the general availability (GA) of Red Hat
Certification 5.16 and its associated test suite package updates
(listed below). This Red Hat Certification package update *is* an
official release and should be used for all new Red Hat certification
submissions. Successful results from the previous certification test
suite will be accepted for a period of 90 days.

The updated Red Hat Certification packages listed below are available
on the Red Hat Customer Portal at the following location:

https://access.redhat.com/downloads/content/282/

redhat-certification-5.16-20180809.el7.noarch.rpm
redhat-certification-backend-5.16-20180809.el7.noarch.rpm
redhat-certification-openstack-5.16-20180809.el7.noarch.rpm
redhat-certification-cloud-5.16-20180809.el7.noarch.rpm
redhat-certification-baremetal-5.16-20180809.el7.noarch.rpm
redhat-certification-hardware-5.16-20180809.1.el7.noarch.rpm
redhat-certification-hardware-preview-5.16-20180809.1.el7.noarch.rpm

redhat-certification-backend-5.16-20180809.el6.noarch.rpm
redhat-certification-cloud-5.16-20180809.el6.noarch.rpm
redhat-certification-hardware-5.16-20180802.el6.noarch.rpm
redhat-certification-hardware-preview-5.16-20180802.el6.noarch.rpm


This release includes enhancements and bug fixes as follows:
1. The protocol options are extended to include RoCE, SAS, and SATA
when creating Red Hat OpenStack Platform Block Storage certifications.
2. Hardware certification adds support for 2.5Gbps and 5Gbps Ethernet
speeds with the 2_5GigEthernet and 5GigEthernet tests.
3. Added individual function subtests (ib_read_bw, ib_send_bw, etc) to
the InfinibandConnectionTest, RoCEConnectionTest, iWarpConnectionTest,
and OmnipathConnectionTest tests.
4. Security updates and bug fixes for deploying redhat-certification
on managed platforms covering:
   a. Login protection - Every resource is login protected now.
   b. Restrict root directory access on the web server - Limit set of
files that can be directly accessed in web view.
   c. Restricted URL access - Testing and host management url
resources are hidden or inaccessible in management configuration.
   d. Preventing direct object reference - http request parameter
validations for restricting their scope, preventing an attacker from
reading and writing arbitrary files in the system.
   e. Production-ready deployment based on application settings -
Based on the mode of operation the application settings configure
various environmental variables on the fly.
Security Fix(es)

- resource consumption in DocumentBase:loadFiltered (CVE-2018-10864)
   - https://access.redhat.com/security/cve/cve-2018-10864
- /download allows to download any file (CVE-2018-10869)
   - https://access.redhat.com/security/cve/cve-2018-10869
- rhcertStore.py:__saveResultsFile allows to write any file (CVE-2018-10870)
   - https://access.redhat.com/security/cve/cve-2018-10870


The complete changelog for each package may be found on the download
page by selecting the package name followed by selecting the ChangeLog
tab.

If you encounter any problems, please file bugs against the "Red Hat
Certification Program" product in Red Hat Bugzilla
(https://bugzilla.redhat.com). Note that this may be a change for some
users who are used to using the old "Red Hat Hardware Certification
Program" product.

We value your ongoing participation in Red Hat certification, software
development, and testing efforts. Thank you for your continued
partnership. If you have any questions or comments, please do not
hesitate to contact your partner manager or engineering account
manager.

Regards,
The Red Hat Certification Team