Cheers! Thanks for all the backports and fixes.
Regards, Webert Lima DevOps Engineer at MAV Tecnologia *Belo Horizonte - Brasil* *IRC NICK - WebertRLZ* On Wed, Jul 11, 2018 at 1:46 PM Abhishek Lekshmanan <abhis...@suse.com> wrote: > > We're glad to announce v10.2.11 release of the Jewel stable release > series. This point releases brings a number of important bugfixes and > has a few important security fixes. This is most likely going to be the > final Jewel release (shine on you crazy diamond). We thank everyone in > the community for contributing towards this release and particularly > want to thank Nathan and Yuri for their relentless efforts in > backporting and testing this release. > > We recommend that all Jewel 10.2.x users upgrade. > > Notable Changes > --------------- > > * CVE 2018-1128: auth: cephx authorizer subject to replay attack > (issue#24836 http://tracker.ceph.com/issues/24836, Sage Weil) > > * CVE 2018-1129: auth: cephx signature check is weak (issue#24837 > http://tracker.ceph.com/issues/24837, Sage Weil) > > * CVE 2018-10861: mon: auth checks not correct for pool ops (issue#24838 > http://tracker.ceph.com/issues/24838, Jason Dillaman) > > * The RBD C API's rbd_discard method and the C++ API's Image::discard > method > now enforce a maximum length of 2GB. This restriction prevents overflow > of > the result code. > > * New OSDs will now use rocksdb for omap data by default, rather than > leveldb. omap is used by RGW bucket indexes and CephFS directories, > and when a single leveldb grows to 10s of GB with a high write or > delete workload, it can lead to high latency when leveldb's > single-threaded compaction cannot keep up. rocksdb supports multiple > threads for compaction, which avoids this problem. > > * The CephFS client now catches failures to clear dentries during startup > and refuses to start as consistency and untrimmable cache issues may > develop. The new option client_die_on_failed_dentry_invalidate (default: > true) may be turned off to allow the client to proceed (dangerous!). > > * In 10.2.10 and earlier releases, keyring caps were not checked for > validity, > so the caps string could be anything. As of 10.2.11, caps strings are > validated and providing a keyring with an invalid caps string to, e.g., > "ceph auth add" will result in an error. > > The changelog and the full release notes are at the release blog entry > at https://ceph.com/releases/v10-2-11-jewel-released/ > > Getting Ceph > ------------ > * Git at git://github.com/ceph/ceph.git > * Tarball at http://download.ceph.com/tarballs/ceph-10.2.11.tar.gz > * For packages, see http://docs.ceph.com/docs/master/install/get-packages/ > * Release git sha1: e4b061b47f07f583c92a050d9e84b1813a35671e > > > Best, > Abhishek > > -- > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, > HRB 21284 (AG Nürnberg) > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
