On Tue, Apr 20, 2021 at 1:56 AM David Galloway <dgallowa@xxxxxxxxxx> wrote: > > This is the 11th bugfix release in the Octopus stable series. It > addresses a security vulnerability in the Ceph authentication framework. > We recommend users to update to this release. For a detailed release > notes with links & changelog please refer to the official blog entry at > https://ceph.io/releases/v15-2-11-octopus-released > > Security Fixes > -------------- > > * This release includes a security fix that ensures the global_id value > (a numeric value that should be unique for every authenticated client or > daemon in the cluster) is reclaimed after a network disconnect or ticket > renewal in a secure fashion. Two new health alerts may appear during the > upgrade indicating that there are clients or daemons that are not yet > patched with the appropriate fix. The link in the blog entry should point at https://docs.ceph.com/en/latest/security/CVE-2021-20288/ Please refer there for details and recommendations. Thanks, Ilya _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx