We're glad to announce the v10.2.11 release of the Jewel stable release
series. This point release brings a number of important bugfixes and
has a few important security fixes. This is most likely going to be the
final Jewel release (shine on you crazy diamond). We thank everyone in
the community for contributing towards this release and particularly
want to thank Nathan and Yuri for their relentless efforts in
backporting and testing this release.
We recommend that all Jewel 10.2.x users upgrade.
* CVE-2018-1128: auth: cephx authorizer subject to replay attack (issue#24836,
http://tracker.ceph.com/issues/24836, Sage Weil)
* CVE-2018-1129: auth: cephx signature check is weak (issue#24837,
http://tracker.ceph.com/issues/24837, Sage Weil)
* CVE-2018-10861: mon: auth checks not correct for pool ops (issue#24838,
http://tracker.ceph.com/issues/24838, Jason Dillaman)
* The RBD C API's rbd_discard method and the C++ API's Image::discard method
now enforce a maximum length of 2GB. This restriction prevents overflow of
the result code.
* New OSDs will now use rocksdb for omap data by default, rather than
leveldb. omap is used by RGW bucket indexes and CephFS directories,
and when a single leveldb grows to 10s of GB with a high write or
delete workload, it can lead to high latency when leveldb's
single-threaded compaction cannot keep up. rocksdb supports multiple
threads for compaction, which avoids this problem.
* The CephFS client now catches failures to clear dentries during startup
and refuses to start as consistency and untrimmable cache issues may
develop. The new option client_die_on_failed_dentry_invalidate (default:
true) may be turned off to allow the client to proceed (dangerous!).
* In 10.2.10 and earlier releases, keyring caps were not checked for validity,
so the caps string could be anything. As of 10.2.11, caps strings are
validated and providing a keyring with an invalid caps string to, e.g.,
"ceph auth add" will result in an error.
The changelog and the full release notes are at the release blog entry
* Git at git://github.com/ceph/ceph.git
* Tarball at http://download.ceph.com/tarballs/ceph-10.2.11.tar.gz
* For packages, see http://docs.ceph.com/docs/master/install/get-packages/
* Release git sha1: e4b061b47f07f583c92a050d9e84b1813a35671e
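
The rbd_discard length limit noted above matters to callers that discard more than 2GB in one call. The following is an added example, not part of the original announcement or of Ceph's code: it shows why a byte count above the limit cannot fit an int result code, and a caller-side loop that splits the request. The names discard_fn, mock_discard and discard_chunked are hypothetical, and the -EINVAL returned by the stand-in is an assumption.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical callback shaped like rbd_discard: bytes discarded or -errno. */
typedef int (*discard_fn)(void *image, uint64_t ofs, uint64_t len);

/* Value a 32-bit int result would hold if asked to carry len bytes
 * (two's-complement truncation, modelled explicitly). */
int64_t result_as_int32(uint64_t len)
{
    int64_t low = (int64_t)(len & 0xFFFFFFFFu);
    return low > INT32_MAX ? low - ((int64_t)1 << 32) : low;
}

/* Constructed stand-in for the library call after 10.2.11: oversized lengths
 * are refused. The -EINVAL value is an assumption, not from the notes. */
int mock_discard(void *image, uint64_t ofs, uint64_t len)
{
    (void)image; (void)ofs;
    return len > (uint64_t)INT_MAX ? -EINVAL : (int)len;
}

/* Caller side: split a large discard into chunks below the limit and keep
 * the running total in 64 bits. Returns 0 or the first negative errno. */
int discard_chunked(discard_fn fn, void *image, uint64_t ofs, uint64_t len,
                    uint64_t *total)
{
    const uint64_t max_chunk = (uint64_t)1 << 30; /* 1 GiB per call */
    for (*total = 0; len > 0; ) {
        uint64_t n = len < max_chunk ? len : max_chunk;
        int r = fn(image, ofs, n);
        if (r < 0)
            return r;
        *total += (uint64_t)r;
        ofs += n;
        len -= n;
    }
    return 0;
}

int main(void)
{
    uint64_t total = 0, len = (uint64_t)3 << 30; /* 3 GiB */
    int r = discard_chunked(mock_discard, NULL, 0, len, &total);
    printf("int32 view=%lld r=%d total=%llu\n",
           (long long)result_as_int32(len), r, (unsigned long long)total);
    return 0;
}
```

A 3 GiB length truncated to a 32-bit result is negative, so a caller could not tell it from an error code; the chunked loop keeps every call under the limit.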