On Tue, Apr 20, 2021 at 11:26 AM Ilya Dryomov <idryomov@xxxxxxxxx> wrote: > > On Tue, Apr 20, 2021 at 2:01 AM David Galloway <dgallowa@xxxxxxxxxx> wrote: > > > > This is the 20th bugfix release in the Nautilus stable series. It > > addresses a security vulnerability in the Ceph authentication framework. > > We recommend users to update to this release. For a detailed release > > notes with links & changelog please refer to the official blog entry at > > https://ceph.io/releases/v14-2-20-nautilus-released > > > > Security Fixes > > -------------- > > > > * This release includes a security fix that ensures the global_id value > > (a numeric value that should be unique for every authenticated client or > > daemon in the cluster) is reclaimed after a network disconnect or ticket > > renewal in a secure fashion. Two new health alerts may appear during > > the upgrade indicating that there are clients or daemons that are not > > yet patched with the appropriate fix. > > The link in the blog entry should point at > > https://docs.ceph.com/en/latest/security/CVE-2021-20288/ > > Please refer there for details and recommendations. Thanks Ilya. Is there any potential issue if clients upgrade before the cluster daemons? (Our clients will likely get 14.2.20 before all the clusters have been upgraded). Cheers, Dan _______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx
