[PATCH 6/6] NEWS: Mention change of default for TLS certificate verification

Peter Krempa pkrempa at redhat.com
Fri Nov 13 15:01:37 UTC 2020


Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 NEWS.rst | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/NEWS.rst b/NEWS.rst
index 3fd3ce4cb9..6fcfd4e26b 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -11,6 +11,17 @@ For a more fine-grained view, use the `git log`_.
 v6.10.0 (unreleased)
 ====================

+* **Security**
+
+  * qemu: Enable client TLS certificate validation by default for ``chardev``,
+    ``migration``, and ``backup`` servers.
+
+  The default value if qemu.conf options ``chardev_tls_x509_verify``,
+  ``migrate_tls_x509_verify``, or  ``backup_tls_x509_verify`` are not specified
+  explicitly in the config file and also the ``default_tls_x509_verify`` config
+  option is missing are now '1'. This ensures that only legitimate clients
+  access servers, which don't have any additional form of authentication.
+
 * **New features**

   * hyperv: implement new APIs
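Review bot: The explanatory paragraph beginning "The default value if qemu.conf options" is indented two spaces, while the continuation line of the ``qemu:`` item above it uses four. In reStructuredText it therefore attaches to the outer **Security** bullet instead of the qemu entry, so it should be indented four spaces. The sentence itself is hard to parse ("The default value if ... are now '1'") and has a double space before ``backup_tls_x509_verify``. Something along the lines of "If none of ``chardev_tls_x509_verify``, ``migrate_tls_x509_verify``, ``backup_tls_x509_verify`` or ``default_tls_x509_verify`` is set in qemu.conf, client certificate verification now defaults to '1'" would read more clearly. Because this changes behaviour on upgrade, the entry should also say what an administrator has to do: hosts whose clients do not present a certificate will need client certificates deployed or the relevant option set explicitly in qemu.conf.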
-- 
2.28.0



