We're glad to announce the v10.2.11 release of the Jewel stable release
series. This point release brings a number of important bugfixes and
has a few important security fixes. This is most likely going to be the
final Jewel release (shine on you crazy diamond). We thank everyone in
the community for contributing towards this release and particularly
want to thank Nathan and Yuri for their relentless efforts in
backporting and testing this release.

We recommend that all Jewel 10.2.x users upgrade.

Notable Changes

* CVE-2018-1128: auth: cephx authorizer subject to replay attack (issue#24836
  http://tracker.ceph.com/issues/24836, Sage Weil)

* CVE-2018-1129: auth: cephx signature check is weak (issue#24837
  http://tracker.ceph.com/issues/24837, Sage Weil)

* CVE-2018-10861: mon: auth checks not correct for pool ops (issue#24838
  http://tracker.ceph.com/issues/24838, Jason Dillaman)

* The RBD C API's rbd_discard method and the C++ API's Image::discard method
  now enforce a maximum length of 2GB. This restriction prevents overflow of
  the result code.

* New OSDs will now use rocksdb for omap data by default, rather than
  leveldb. omap is used by RGW bucket indexes and CephFS directories,
  and when a single leveldb grows to 10s of GB with a high write or
  delete workload, it can lead to high latency when leveldb's
  single-threaded compaction cannot keep up. rocksdb supports multiple
  threads for compaction, which avoids this problem.

* The CephFS client now catches failures to clear dentries during startup
  and refuses to start as consistency and untrimmable cache issues may
  develop. The new option client_die_on_failed_dentry_invalidate (default:
  true) may be turned off to allow the client to proceed (dangerous!).

* In 10.2.10 and earlier releases, keyring caps were not checked for validity,
  so the caps string could be anything. As of 10.2.11, caps strings are
  validated and providing a keyring with an invalid caps string to, e.g.,
  "ceph auth add" will result in an error.
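
The rbd_discard length cap noted above means a caller that discards a larger range has to split it into several calls. The C code below is an added example, not code from Ceph or librbd; it shows such a splitter together with a constructed stand-in that demonstrates why an uncapped length does not fit an int result. The names discard_fn, discard_range and fake_discard, the 1 GiB chunk size, the -EINVAL error code, and the idea that the result code carries the length are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>

/* Hypothetical callback shaped like rbd_discard(image, ofs, len). */
typedef int (*discard_fn)(void *image, uint64_t ofs, uint64_t len);

/* Assumed chunk size, kept well under the 2GB maximum in the note. */
#define DISCARD_CHUNK (1ULL << 30)

/* Discard [ofs, ofs+len) in pieces small enough for an int result.
 * Returns 0 on success or the first negative error code seen. */
int discard_range(discard_fn fn, void *image, uint64_t ofs, uint64_t len)
{
    if (len > UINT64_MAX - ofs)
        return -EINVAL;                 /* ofs + len would wrap */
    while (len > 0) {
        uint64_t n = len < DISCARD_CHUNK ? len : DISCARD_CHUNK;
        int r = fn(image, ofs, n);
        if (r < 0)
            return r;
        ofs += n;
        len -= n;
    }
    return 0;
}

/* Constructed stand-in for an image, not librbd. */
struct fake_image { int enforce_limit; uint64_t calls; uint64_t bytes; };

/* With enforce_limit set, oversized requests are refused (-EINVAL is an
 * assumed error code). Without it, the length is squeezed into the int
 * result, which is the overflow the length cap exists to prevent. */
int fake_discard(void *image, uint64_t ofs, uint64_t len)
{
    struct fake_image *img = image;
    (void)ofs;
    if (img->enforce_limit && len > (uint64_t)INT_MAX)
        return -EINVAL;
    img->calls++;
    img->bytes += len;
    return (int)(uint32_t)len;          /* 3 GiB wraps to a negative int */
}
```

Without the cap, a successful 3 GiB discard would hand back a negative value that the caller cannot tell apart from an error code.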

The changelog and the full release notes are at the release blog entry
at https://ceph.com/releases/v10-2-11-jewel-released/

Getting Ceph
* Git at git://github.com/ceph/ceph.git
* Tarball at http://download.ceph.com/tarballs/ceph-10.2.11.tar.gz
* For packages, see http://docs.ceph.com/docs/master/install/get-packages/
* Release git sha1: e4b061b47f07f583c92a050d9e84b1813a35671e


SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)