We're glad to announce the v10.2.11 release of the Jewel stable release series.
This point release brings a number of important bugfixes and has a few
important security fixes. This is most likely going to be the final Jewel
release (shine on you crazy diamond). We thank everyone in the community for
contributing towards this release and particularly want to thank Nathan and
Yuri for their relentless efforts in backporting and testing this release.

We recommend that all Jewel 10.2.x users upgrade.

Notable Changes
---------------

* CVE 2018-1128: auth: cephx authorizer subject to replay attack
  (issue#24836 http://tracker.ceph.com/issues/24836, Sage Weil)

* CVE 2018-1129: auth: cephx signature check is weak
  (issue#24837 http://tracker.ceph.com/issues/24837, Sage Weil)

* CVE 2018-10861: mon: auth checks not correct for pool ops
  (issue#24838 http://tracker.ceph.com/issues/24838, Jason Dillaman)

* The RBD C API's rbd_discard method and the C++ API's Image::discard method
  now enforce a maximum length of 2GB. This restriction prevents overflow of
  the result code.

* New OSDs will now use rocksdb for omap data by default, rather than
  leveldb. omap is used by RGW bucket indexes and CephFS directories, and
  when a single leveldb grows to 10s of GB with a high write or delete
  workload, it can lead to high latency when leveldb's single-threaded
  compaction cannot keep up. rocksdb supports multiple threads for
  compaction, which avoids this problem.

* The CephFS client now catches failures to clear dentries during startup
  and refuses to start as consistency and untrimmable cache issues may
  develop. The new option client_die_on_failed_dentry_invalidate (default:
  true) may be turned off to allow the client to proceed (dangerous!).

* In 10.2.10 and earlier releases, keyring caps were not checked for
  validity, so the caps string could be anything.
  As of 10.2.11, caps strings are validated and providing a keyring with an
  invalid caps string to, e.g., "ceph auth add" will result in an error.

The changelog and the full release notes are at the release blog entry at
https://ceph.com/releases/v10-2-11-jewel-released/

Getting Ceph
------------

* Git at git://github.com/ceph/ceph.git
* Tarball at http://download.ceph.com/tarballs/ceph-10.2.11.tar.gz
* For packages, see http://docs.ceph.com/docs/master/install/get-packages/
* Release git sha1: e4b061b47f07f583c92a050d9e84b1813a35671e

Best,
Abhishek

--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
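
The 2GB cap on rbd_discard / Image::discard in the notable changes above, illustrated with an added example that is not part of the original announcement and is not Ceph code. It assumes the result code is a 32-bit signed int that carries the byte count on success, that the cap equals INT_MAX, and that over-limit requests fail with -EINVAL; `stub_discard` and `discard_chunked` are hypothetical names.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Models a byte count returned through a 32-bit signed result code with no
 * cap: only the low 32 bits survive, read back as two's complement. */
static int uncapped_result(uint64_t len) {
    uint32_t low = (uint32_t)len;
    return low > (uint32_t)INT_MAX ? (int)((int64_t)low - 4294967296LL) : (int)low;
}

/* Hypothetical stand-in for a discard call with the capped behaviour.
 * Assumption: over-limit requests return -EINVAL, success returns the length. */
static uint64_t stub_total;   /* bytes the stub was asked to discard */
static int stub_discard(uint64_t ofs, uint64_t len) {
    (void)ofs;
    if (len > (uint64_t)INT_MAX) return -EINVAL;
    stub_total += len;
    return (int)len;
}

/* Caller-side helper: split a large range into requests below the cap.
 * Returns 0 on success or the first negative error code. */
static int discard_chunked(int (*discard)(uint64_t, uint64_t),
                           uint64_t ofs, uint64_t len, unsigned *calls) {
    const uint64_t chunk = 1ULL << 30;   /* 1 GiB, below the assumed cap */
    *calls = 0;
    while (len > 0) {
        uint64_t n = len < chunk ? len : chunk;
        int r = discard(ofs, n);
        if (r < 0) return r;
        ofs += n;
        len -= n;
        (*calls)++;
    }
    return 0;
}

int main(void) {
    uint64_t three_gib = 3ULL << 30;
    unsigned calls;
    /* Without a cap, a successful 3 GiB discard looks like an error code. */
    printf("uncapped result for 3 GiB: %d\n", uncapped_result(three_gib));
    printf("capped call for 3 GiB:     %d\n", stub_discard(0, three_gib));
    printf("chunked: rc=%d calls=%u\n",
           discard_chunked(stub_discard, 0, three_gib, &calls), calls);
    return 0;
}
```

Callers that previously issued a single discard larger than 2GB will see an error after upgrading and need to split the range as `discard_chunked` does.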