This repository has been archived by the owner on Jul 6, 2023. It is now read-only.

Release 10.1

@phlogistonjohn phlogistonjohn released this 30 Sep 14:27
· 83 commits to master since this release

Release 10.1.0

This is a security and bugfix release.

An information-disclosure flaw was found in the way Heketi logs sensitive
information. This flaw allows an attacker with access to the Heketi server logs
to read potentially sensitive information, such as the CHAP passwords for
gluster-block volumes (CVE-2020-10763).

Administrators may want to check old logs for gluster-block passwords if they
created block volumes with CHAP authentication enabled. Restrict access or
remove old logs that retain the passwords.
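
One way to carry out the log check suggested above, as an added example (not part of the release notes or Heketi's code): it scans plain and gzip-rotated logs, reports which lines hold a password field without echoing the value, and flags files readable by group or others. The match pattern, the `*.log*` file glob and the sample log lines are assumptions constructed for illustration; the release notes do not specify the log format.

```python
import gzip
import re
import stat
import tempfile
from pathlib import Path

# Assumption: the secret is logged as a key/value pair whose key contains
# "password" (e.g. JSON-style "PASSWORD": "<value>"). Adjust to your logs.
SECRET_RE = re.compile(r'(?i)("?\w*password\w*"?\s*[:=]\s*)("[^"]*"|\S+)')

def open_log(path):
    """Open plain or gzip-rotated logs as text."""
    if path.suffix == ".gz":
        return gzip.open(path, "rt", errors="replace")
    return open(path, "r", errors="replace")

def audit_log(path):
    """Return findings for one log file; the secret value is never returned."""
    path = Path(path)
    hits = []
    with open_log(path) as fh:
        for lineno, line in enumerate(fh, 1):
            if SECRET_RE.search(line):
                hits.append((lineno, SECRET_RE.sub(r"\1<redacted>", line.rstrip("\n"))))
    mode = stat.S_IMODE(path.stat().st_mode)
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return {"path": str(path), "hits": hits, "group_or_world_readable": exposed}

def audit_dir(log_dir, pattern="*.log*"):
    """Audit every matching file; return only files that contain findings."""
    reports = [audit_log(p) for p in sorted(Path(log_dir).glob(pattern)) if p.is_file()]
    return [r for r in reports if r["hits"]]

def demo():
    """Run against constructed sample logs (not real Heketi output)."""
    with tempfile.TemporaryDirectory() as d:
        plain = Path(d, "heketi.log")
        plain.write_text('[cmdexec] INFO created block volume\n'
                         '[cmdexec] DEBUG result: {"USERNAME": "u1", "PASSWORD": "s3cr3t-constructed"}\n')
        plain.chmod(0o644)
        with gzip.open(Path(d, "heketi.log.1.gz"), "wt") as fh:
            fh.write("[heketi] INFO nothing sensitive here\n")
        return audit_dir(d)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

Files that appear in the report are the ones to restrict or remove, as advised above.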

Thanks to Prasanna Kumar Kalever of Red Hat for finding and fixing this issue.

Changelog

  • Fix CVE-2020-10763
  • Fix an issue removing/replacing devices on unrecoverable failed nodes
  • Add a flag to skip a gluster heal check when gluster cannot report on heals (when a node has failed or is unable to perform the required action).