Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
a3ab9c8
commit ea8c640
Showing
2 changed files
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// * migration_toolkit_for_containers/mtc-release-notes.adoc | ||
:_mod-docs-content-type: REFERENCE | ||
[id="migration-mtc-release-notes-1-7-15_{context}"] | ||
= {mtc-full} 1.7.15 release notes | ||
|
||
[id="resolved-issues-1-7-15_{context}"] | ||
== Resolved issues | ||
|
||
This release has the following resolved issues: | ||
|
||
.CVE-2024-24786: A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop | ||
|
||
A flaw was found in the `protojson.Unmarshal` function, which could enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition could occur when unmarshaling into a message that contained a `google.protobuf.Any` value or when the `UnmarshalOptions.DiscardUnknown` option was set. | ||
|
||
To resolve this issue, upgrade to {mtc-short} 1.7.15. | ||
|
||
For more details, see link:https://access.redhat.com/security/cve/CVE-2024-24786[(CVE-2024-24786)]. | ||
|
||
.CVE-2024-28180: `jose-go` improper handling of highly compressed data | ||
|
||
A vulnerability was found in Jose due to improper handling of highly compressed data. An attacker could send a JSON Web Encryption (JWE) containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. | ||
|
||
To resolve this issue, upgrade to {mtc-short} 1.7.15. | ||
|
||
For more details, see link:https://access.redhat.com/security/cve/CVE-2024-28180[(CVE-2024-28180)]. | ||
|
||
|
||
[id="known-issues-1-7-15_{context}"] | ||
== Known issues | ||
|
||
This release has the following known issues: | ||
|
||
.Direct Volume Migration is failing as the rsync pod on the source cluster goes into an `Error` state | ||
|
||
On migrating any application with Persistent Volume Claim (PVC), Stage succeeds with warnings and Direct Volume Migration (DVM) fails with the `rsync` pod on the source namespace going into an `error` state. link:https://bugzilla.redhat.com/show_bug.cgi?id=2256141[(BZ#2256141)] | ||
|
||
.The conflict condition is briefly cleared after it is created | ||
|
||
When creating a new state migration plan that will result in a conflict error, that error is cleared shortly after it is displayed. link:https://bugzilla.redhat.com/show_bug.cgi?id=2144299[(BZ#2144299)] | ||
|
||
.Migration fails when there are multiple Volume Snapshot Locations (VSLs) of different provider types configured in a cluster and no default VSL is set | ||
|
||
When there are multiple VSLs in a cluster with different provider types, and none of them is set as default, Velero results in a validation error, making migrations fail. link:https://bugzilla.redhat.com/show_bug.cgi?id=2180565[(BZ#2180565)] |