Hi all, A vulnerability was found in Pacemaker allowing a user who is in the haclient group but restricted by ACLs to bypass those ACLs. It has been assigned the ID CVE-2020-25654.
This will be fixed in the 2.0 and master branches today, along with a 2.0.5-rc2 release that includes the fix. It will also be fixed in the 1.1 branch along with a 1.1.24-rc1 release that includes just this. I will also post patches for the 2.0.3 and 2.0.4 releases to the [email protected] list. -- Ken Gaillot <[email protected]> _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
