Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Gitlab 16.3.1          
Fixed (1 change):          
- [Geo: Resync direct upload object stored artifacts] **GitLab Enterprise Edition**

Security (11 changes):          
- [Add authorization checks to import status endpoint]          
- [Update commonmarker to 0.23.10]          
- [Remove DAST secret variables when URL is updated]          
- [Maintainer can leak sentry token by changing the configured URL]          
- [Service account users are external by default]          
- [Additional permission check when editing label]          
- [Fix ReDOS in bulk_imports endpoint params]          
- [Prevent namespace level banned users from accessing API]          
- [Check prohibit_outer_forks in fork relationship api]          
- [Prevent traversal for `path` parameter in refs/switch endpoint]          
- [Gitaly keyset pager when pagination none only with tree view]

Security Based Updates

Docker Compose Engine 2.21.0         
Features:         
- Support for multi-document YAML files.         
- Experimental support for loading remote Compose files from Git repos with include.

Fixes:         
- Fix for incorrect proxy variables during build.         
- Fix for truncated container logs.         
- Fix for "no such service" errors when using include and profiles.         
- Fix for .env overrides when using include.

Grafana 10.1.1        
Features and Enhancements:        
- Loki: Remove distinct operation.        
- Whitelabeling: Add a config option to hide the Grafana edition from the footer.        
- Alerting: Optimize rule details page data fetching.        
- Alerting: Optimize external Loki queries.

 Bug Fixes:        
- Alerting: Limit redis pool size to 5 and make configurable.        
- Elasticsearch: Fix respecting of precision in geo hash grid.        
- Dashboard: Fix Variable Dropdown to Enforce Minimum One Selection when 'All' Option is Configured.        
- Chore: Fix Random Walk scenario for Grafana DS.        
- AuthProxy: Fix user retrieval through cache.        
- Alerting: Fix auto-completion snippets for KV properties.        
- Alerting: Fix incorrect timing meta information for policy.        
- Alerting: Add new Recording Rule button when the list is empty.        
- Drawer: Clicking a Select arrow within a Drawer no longer causes it to close.        
- Logs: Fix log samples not present with empty first frame.        
- Alerting: Fix Recording Rule QueryEditor builder view.        
- Transforms: Catch errors while running transforms.        
- Dashboard: Fix version restore.        
- Logs: Fix permalinks not scrolling into view.        
- SqlDataSources: Update metricFindQuery to pass on scopedVars to templateSrv.        
- Rendering: Fix dashboard screenshot.        
- Loki: Fix validation of step values to also allow e.g. ms values.        
- Dashboard: Fix repeated row panel placement with larger number of rows.        
- CodeEditor: Correctly fires onChange handler.        
- Drawer: Fix scrolling drawer content on Safari.        
- Alerting: Remove dump wrapper for yaml config.        
- Alerting: Always invalidate the AM config after mutation.        
- Slug: Combine various slugify fixes for special character handling.        
- Logs: Fix displaying the wrong field as body.        
- Alerting: Fix "see graph button" for cloud rules.

Jenkins 2.421       
- Add a nicer 404 error page.       
- Add appearance system configuration page.       
- Optimize performance of label parsing.       
- Fix invalid CSS which caused some buttons to become invisible on hover.       
- Message no longer appears twice when the agentLog option is used.

MongoDB 7.0.1      
Security:      
SERVER-78723: Resharding a QE collection fails because of __safeContent__      
SERVER-78830: Add count of CSFLE and QE Collections to serverStatus      
SERVER-79641: Mirrored read should attach encryptionInformation from the original command

Sharding:      
SERVER-62987: Wrong replication logic on refreshes on secondary nodes      
SERVER-67529: Resharding silently skips documents with all MaxKey values for their fields under the new shard key pattern      
SERVER-78913: Make the periods of query sampling periodic jobs configurable at runtime

Query:      
SERVER-80256: QueryPlannerAnalysis::explodeForSort should not assume that index scans produce disjoint results

Internals:      
SERVER-71627: Refreshed cached collection route info will severely block all client request when a cluster with 1 million chunks      
SERVER-73866: Re-enable agg_merge_when_not_matched_insert.js in config_fuzzer passthrough suites      
SERVER-74701: Add checksum verification for blackduck installer      
SERVER-75120: libunwind stacktrace issues with --dbg=on on arm64      
SERVER-76299: Report writeConflicts in serverStatus on secondaries      
SERVER-76339: Increase ShardedClusterFixture's timeout when starting/stopping balancer      
SERVER-76433: Copy search_view.js test from 5.0 to all later branches      
SERVER-77029: Set syncdelay in TestOplogTruncation before starting the checkpoint thread      
SERVER-77183: $project followed by $group gives incorrect results sometimes      
SERVER-77223: dbcheck_detects_data_corruption.js needs to wait for primary to log healthlog entry      
SERVER-77382: Null embedded metaField for creating a time-series collection leads to invalid BSON index spec      
SERVER-77823: Pseudocode for throughput probing      
SERVER-78095: Relax the assertion checking for update_multifield_multiupdate.js FSM workload      
SERVER-78217: Renaming view return wrong error on sharded cluster (2nd attempt)      
SERVER-78369: ignoreUnknownIndexOptions doesn't account for the 'weights' index field      
SERVER-78498: Make the balancer failpoint smarter      
SERVER-78525: Update jstests/noPassthrough/metadata_size_estimate.js to use a smaller document size      
SERVER-78696: Only clear shard filtering metadata before releasing the critical section in collmod participants      
SERVER-78769: The asynchronous stop sequence of the Balancer may survive the shutdown of the mongod (and raise false memory leak notifications).      
SERVER-78813: Commit point propagation fails indefinitely with exhaust cursors with null lastCommitted optime      
SERVER-78862: Fix serialization of nested $elemMatch's      
SERVER-78950: Use sequential time series bucket IDs when possible      
SERVER-79021: Update Boost's entry in README.third_party.md to 1.79.0      
SERVER-79022: Update ASIO's Git hash in README.third_party.md      
SERVER-79023: Update C-Ares' entry in README.third_party.md to 1.19.1      
SERVER-79033: Image collection invalidation for missing namespace during initial sync always attempts upsert      
SERVER-79082: Make analyzeShardKey tests not assert number of orphaned documents <= total number of documents      
SERVER-79103: Core dumps are not generated if stopping balancer fails      
SERVER-79126: Pin pyyaml in another place      
SERVER-79138: Fix data race in AuthorizationSessionTest fixture      
SERVER-79236: Server cannot start in standalone if there are cluster parameters      
SERVER-79252: Add the system-perf bootstrap file to the task Files section      
SERVER-79261: Add logging to ping monitor      
SERVER-79316: [7.0] Do not run packager on dynamically linked variants      
SERVER-79357: CheckMetadataConsistency is not reading chunks with snapshot read concern      
SERVER-79370: Throughput probing statistics not always updated correctly      
SERVER-79372: Fix incorrect assertion about number of cursors opened      
SERVER-79382: Reset bucket OID counter when encountering a collision      
SERVER-79397: Fix and test logic to internally retry time series inserts on OID collision      
SERVER-79447: The balancer stop sequence may cause the config server to crash on step down      
SERVER-79509: Add testing of transitional FCVs with removeShard and transitionToDedicatedConfigServer      
SERVER-79515: Update task generator      
SERVER-79607: ShardRegistry shutdown should not wait indefinitely on outstanding network requests      
SERVER-79609: Fix findAndModify_upsert.js test to accept StaleConfig error      
SERVER-79651: Only use two node replicasets in initial sync performance tests      
SERVER-79777: Increase the diff window for the sample size in sample_rate_sharded.js      
SERVER-79885: Oplog fetching getMore should not set null lastKnownCommittedOpTime if it is not using exhaust cursors      
SERVER-79937: Avoid majority reads within the BalancerDefragmentationPolicy      
SERVER-79944: Make analyze_shard_key.js not assert that the number of sampled queries observed via analyzeShardKey and $listSampledQueries is non-decreasing      
SERVER-79950: Fix commitPreparedTransaction to not be interruptible in commitSplitTxn and reacquireTicket      
SERVER-79981: resize_tickets.js fails in Fixed Concurrent Transactions test suite      
SERVER-80153: UBsan core dumps are not being uploaded properly      
SERVER-80183: Remove operationTime check from store_retryable_find_and_modify_images_in_side_collection.js      
SERVER-80207: Use 4-byte counter for tracking time series bucket direct writes      
WT-10714: Select an explicitly labeled perf distro for performance tests      
WT-11202: Remove the connection level operation_timeout_ms configuration      
WT-11221: Python tests fails due to unexpected "Eviction took more than 1 minute" warning in standard output      
WT-11312:  Fix incorrect flag check for accurate force eviction stat      
WT-11359:  Update spinlock tasks to limit disk usage      
WT-11419: Increment cc_pages_removed when detecting a deleted page to remove

PHP Interpreter 8.2.10     
CLI:     
Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1).     
Fixed bug GH-10964 (Improve man page about the built-in server).

Date:     
Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are passed in).

Core:     
Fixed strerror_r detection at configuration time.     
Fixed trait typed properties using a DNF type not being correctly bound.     
Fixed trait property types not being arena allocated if copied from an internal trait.     
Fixed deep copy of property DNF type during lazy class load.     
Fixed memory freeing of DNF types for non arena allocated types.

DOM:     
Fix DOMEntity field getter bugs.     
Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.     
Fix DOMCharacterData::replaceWith() with itself.     
Fix empty argument cases for DOMParentNode methods.     
Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).     
Fix json_encode result on DOMDocument.     
Fix manually calling __construct() on DOM classes.     
Fixed bug GH-11830 (ParentNode methods should perform their checks upfront).     
Fix viable next sibling search for replaceWith.     
Fix segfault when DOMParentNode::prepend() is called when the child disappears.

FFI:     
Fix leaking definitions when using FFI::cdef()->new(...).

Hash:     
Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.

MySQLnd:     
Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL).     
Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters).     
Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault).    
Fixed invalid error message "Malformed packet" when connection is dropped.

Opcache:     
Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong).     
Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress.

PCNTL:     
Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22.

SPL:     
Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).

Standard:     
Prevent int overflow on $decimals in number_format.     
Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro)

Ceph 16.2.14   
backport PR #39607   
blk/kernel: Fix error code mapping in KernelDevice::read   
blk/KernelDevice: Modify the rotational and discard check log message  
build: Remove ceph-libboost* packages in install-deps  
ceph-volume: fix a bug in get_lvm_fast_allocs() (batch)   
ceph-volume: fix batch refactor issue   
ceph-volume: fix drive-group issue that expects the batch_args to be a string   
ceph-volume: quick fix in zap.py   
ceph-volume: set lvm membership for mpath type devices   
ceph_test_rados_api_watch_notify: extend Watch3Timeout test   
ceph_volume: support encrypted volumes for lvm new-db/new-wal/migrate commands   
cephadm: eliminate duplication of sections   
cephadm: mount host /etc/hosts for daemon containers in podman deployments   
cephadm: reschedule haproxy from an offline host   
cephadm: using ip instead of short hostname for prometheus urls   
cephfs-top: check the minimum compatible python version   
cephfs-top: dump values to stdout and -d [--delay] option fix   
cephfs-top: navigate to home screen when no fs   
cephfs-top: Some fixes in choose_field() for sorting   
client: clear the suid/sgid in fallocate path   
client: do not dump mds twice in Inode::dump()   
client: do not send metrics until the MDS rank is ready   
client: force sending cap revoke ack always   
client: only wait for write MDS OPs when unmounting   
client: trigger to flush the buffer when making snapshot   
client: use deep-copy when setting permission during make_request   
client: wait rename to finish   
cls/queue: use larger read chunks in queue_list_entries   
common/crc32c_aarch64: fix crc32c unittest failed on aarch64   
common/TrackedOp: fix osd reboot optracker coredump   
common: notify all when max backlog reached in OutputDataSocket   
common: Use double instead of long double to improve performance   
Consider setting “bulk” autoscale pool flag when automatically creating a data pool for CephFS   
debian: install cephfs-mirror systemd unit files and man page   
do not evict clients if OSDs are laggy   
doc/cephadm: Revert “doc/cephadm: update about disabling logging to journald for quincy”   
doc/cephfs: edit fs-volumes.rst (1 of x)   
doc/cephfs: explain cephfs data and metadata set   
doc/cephfs: fix prompts in fs-volumes.rst   
doc/cephfs: line-edit “Mirroring Module”   
doc/cephfs: rectify prompts in fs-volumes.rst   
doc/cephfs: repairing inaccessible FSes   
doc/dev/encoding.txt: update per std::optional   
doc/glossary: update bluestore entry   
doc/mgr: edit “leaderboard” in telemetry.rst   
doc/mgr: update prompts in prometheus.rst   
doc/rados/operations: Acting Set question   
doc/rados/operations: Fix erasure-code-jerasure.rst fix   
doc/rados/ops: edit user-management.rst (3 of x)   
doc/rados: edit balancer.rst   
doc/rados: edit bluestore-config-ref.rst (1 of x)   
doc/rados: edit bluestore-config-ref.rst (2 of x)   
doc/rados: edit data-placement.rst   
doc/rados: edit devices.rst   
doc/rados: edit filestore-config-ref.rst   
doc/rados: edit stretch-mode procedure   
doc/rados: edit stretch-mode.rst   
doc/rados: edit stretch-mode.rst   
doc/rados: edit user-management (2 of x)   
doc/rados: fix link in common.rst   
doc/rados: line-edit devices.rst   
doc/rados: m-config-ref: edit “background”   
doc/rados: stretch-mode.rst (other commands)   
doc/rados: stretch-mode: stretch cluster issues  
doc/radosgw: explain multisite dynamic sharding  
doc/radosgw: rabbitmq - push-endpoint edit   
doc/start/os-recommendations: drop 4.14 kernel and reword guidance   
doc/start: edit first 150 lines of documenting-ceph   
doc/start: fix “Planet Ceph” link   
doc/start: KRBD feature flag support note   
doc/start: rewrite intro paragraph   
doc: add link to “documenting ceph” to index.rst   
doc: Add missing ceph command in documentation section REPLACING A…   
doc: deprecate the cache tiering   
doc: document the relevance of mds_namespace mount option   
doc: explain cephfs mirroring peer_add step in detail   
doc: Update jerasure.org references   
doc: update multisite doc   
doc: Use ceph osd crush tree command to display weight set weights   
kv/RocksDBStore: Add CompactOnDeletion support   
kv/RocksDBStore: cumulative backport for rm_range_keys and around (   
kv/RocksDBStore: don’t use real wholespace iterator for prefixed access   
librados: aio operate functions can set times   
librbd/managed_lock/GetLockerRequest: Fix no valid lockers case   
librbd: avoid decrementing iterator before first element   
librbd: avoid object map corruption in snapshots taken under I/O   
librbd: don’t wait for a watch in send_acquire_lock() if client is blocklisted   
librbd: localize snap_remove op for mirror snapshots   
librbd: remove previous incomplete primary snapshot after successfully creating a new one   
log: writes to stderr (pipe) may not be atomic   
MDS imported_inodes metric is not updated   
mds: adjust cap acquisition throttles   
mds: allow unlink from lost+found directory   
mds: display sane hex value (0x0) for empty feature bit   
mds: do not send split_realms for CEPH_SNAP_OP_UPDATE msg   
mds: do not take the ino which has been used   
mds: fix cpu_profiler asok crash   
mds: fix stray evaluation using scrub and introduce new option   
mds: Fix the linkmerge assert check   
mds: force replay sessionmap version   
mds: make num_fwd and num_retry to __u32   
mds: MDLog::_recovery_thread: handle the errors gracefully   
mds: rdlock_path_xlock_dentry supports returning auth target inode   
mds: record and dump last tid for trimming completed requests (or flushes)   
mds: skip forwarding request if the session were removed   
mds: update mdlog perf counters during replay   
mds: wait for unlink operation to finish   
mds: wait reintegrate to finish when unlinking   
mgr/cephadm: Adding --storage.tsdb.retention.size prometheus option   
mgr/cephadm: don’t try to write client/os tuning profiles to known offline hosts   
mgr/cephadm: support for miscellaneous config files for daemons   
mgr/dashboard: allow PUT in CORS   
mgr/dashboard: API docs UI does not work with Angular dev server   
mgr/dashboard: expose more grafana configs in service form   
mgr/dashboard: Fix broken Fedora image URL   
mgr/dashboard: Fix rbd snapshot creation   
mgr/dashboard: fix the rbd mirroring configure check   
mgr/dashboard: move cephadm e2e cleanup to jenkins job config   
mgr/dashboard: rbd-mirror force promotion   
mgr/dashboard: skip Create OSDs step in Cluster expansion   
mgr/dashboard: SSO error: AttributeError: ‘str’ object has no attribute ‘decode’   
mgr/nfs: disallow non-existent paths when creating export   
mgr/orchestrator: fix device size in orch device ls output   
mgr/rbd_support: fixes related to recover from rados client blocklisting   
mgr/snap_schedule: add debug log for paths failing snapshot creation   
mgr/snap_schedule: catch all exceptions for cli   
mgr/volumes: avoid returning -ESHUTDOWN back to cli   
mgr: store names of modules that register RADOS clients in the MgrMap   
MgrMonitor: batch commit OSDMap and MgrMap mutations   
mon/ConfigMonitor: update crush_location from osd entity   
mon/MDSMonitor: batch last_metadata update with pending   
mon/MDSMonitor: check fscid in pending exists in current   
mon/MDSMonitor: do not propose on error in prepare_update   
mon/MDSMonitor: ignore extraneous up:boot messages   
mon/MonClient: before complete auth with error, reopen session   
mon: avoid exception when setting require-osd-release more than 2 versions up   
mon: block osd pool mksnap for fs pools   
Monitor: forward report command to leader   
orchestrator: add --no-destroy arg to ceph orch osd rm   
os/bluestore: allocator’s cumulative backport   
os/bluestore: allow ‘fit_to_fast’ selector for single-volume osd   
os/bluestore: cumulative bluefs backport   
os/bluestore: don’t need separate variable to mark hits when lookup oid   
os/bluestore: fix spillover alert   
os/bluestore: proper override rocksdb::WritableFile::Allocate   
os/bluestore: report min_alloc_size through “ceph osd metadata”   
osd/OSDCap: allow rbd.metadata_list method under rbd-read-only profile   
OSD: Fix check_past_interval_bounds()   
pybind/argparse: blocklist ip validation   
pybind/mgr/pg_autoscaler: Reorderd if statement for the func: _maybe_adjust   
pybind: drop GIL during library callouts   
python-common: drive_selection: fix KeyError when osdspec_affinity is not set   
qa/rgw: add POOL_APP_NOT_ENABLED to log-ignorelist   
qa/suites/rados: remove rook coverage from the rados suite   
qa/suites/rbd: install qemu-utils in addition to qemu-block-extra on Ubuntu   
qa/suites/upgrade/octopus-x: skip TestClsRbd.mirror_snapshot test   
qa: check each fs for health   
qa: data-scan/journal-tool do not output debugging in upstream testing   
qa: fix cephfs-mirror unwinding and ‘fs volume create/rm’ order   
qa: mirror tests should cleanup fs during unwind   
qa: run scrub post file system recovery   
qa: test_simple failure   
qa: use parallel gzip for compressing logs   
qa: wait for MDSMonitor tick to replace daemons   
radosgw-admin: try reshard even if bucket is resharding   
rbd-mirror: fix image replayer shut down description on force promote   
rbd-mirror: fix race preventing local image deletion   
rgw/rados: check_quota() uses real bucket owner   
rgw/s3: dump Message field in Error response even if empty   
rgw: avoid string_view to temporary in RGWBulkUploadOp   
rgw: fix consistency bug with OLH objects   
rgw: LDAP fix resource leak with wrong credentials   
rgw: under fips & openssl 3.x allow md5 usage in select rgw ops   
src/valgrind.supp: Adding know leaks unrelated to ceph   
src/valgrind.supp: Adding know leaks unrelated to ceph   
test: correct osd pool default size   
test: monitor thrasher wait until quorum   
tests: remove pubsub tests from multisite   
tools/ceph-dencoder: Fix incorrect type define for trash_watcher   
tools/ceph-kvstore-tool: fix segfaults when repair the rocksdb   
tools/cephfs-data-scan: support for multi-datapool   
vstart: check mgr status after starting mgr   
Wip nitzan fixing few rados/test.sh   
qa: add subvolume option flavors

Ansible AWX 23.0.0 
- Revert "Improve performance for awx cli export 
- Fixed typos  
- Schedule rruleset fix related #13446 
- Update python-tss-sdk dependency 
- Fix UI_NEXT build process broken 
- Fixed task and web docs 
- Fix ui-next build step file path issue 
- Added required epoc time field for Splunk HEC Event Receiver 
- Fix edit constructed inventory hanging loading state 
- Add location for locales in nginx config 
- Update cryptography for CVE-2023-38325 
- AAP-10891 Apply AWX_TASK_ENV when performing credential plugin lookups 
- Enforce mutually exclusive options in credential module of the collection 
- Clarify that the license module requires fetching subs prior 
- Fix default redis url to pass check in redis-py>4.4 
- Fix typo in description of scm_update_on_launch 
- Fix CVE-2023-40267 
- Touchup of PR body checks 
- Hop nodes for k8s

View all OpenUpdate editions >