Stay Informed
This week, read about:
- LibreOffice 7.6 Arrives: Open Source Stalwart is Showing Its Maturity.
- Welcome New Repositories for AlmaLinux OS: Testing and Synergy.
- Unit 1.31.0 Released.
- AMD Shares The Technical Details of Technology Powering Innovative Confidential Computing Leadership Cloud Offerings.
Key Security, Maintenance, and Features Releases
Security Based Updates
Gitlab 16.3.1
Fixed (1 change):
- [Geo: Resync direct upload object stored artifacts] **GitLab Enterprise Edition**
Security (11 changes):
- [Add authorization checks to import status endpoint]
- [Update commonmarker to 0.23.10]
- [Remove DAST secret variables when URL is updated]
- [Maintainer can leak sentry token by changing the configured URL]
- [Service account users are external by default]
- [Additional permission check when editing label]
- [Fix ReDOS in bulk_imports endpoint params]
- [Prevent namespace level banned users from accessing API]
- [Check prohibit_outer_forks in fork relationship api]
- [Prevent traversal for `path` parameter in refs/switch endpoint]
- [Gitaly keyset pager when pagination none only with tree view]
Security Based Updates
Docker Compose Engine 2.21.0
Features:
- Support for multi-document YAML files.
- Experimental support for loading remote Compose files from Git repos with include.
Fixes:
- Fix for incorrect proxy variables during build.
- Fix for truncated container logs.
- Fix for "no such service" errors when using include and profiles.
- Fix for .env overrides when using include.
Grafana 10.1.1
Features and Enhancements:
- Loki: Remove distinct operation.
- Whitelabeling: Add a config option to hide the Grafana edition from the footer.
- Alerting: Optimize rule details page data fetching.
- Alerting: Optimize external Loki queries.
Bug Fixes:
- Alerting: Limit redis pool size to 5 and make configurable.
- Elasticsearch: Fix respecting of precision in geo hash grid.
- Dashboard: Fix Variable Dropdown to Enforce Minimum One Selection when 'All' Option is Configured.
- Chore: Fix Random Walk scenario for Grafana DS.
- AuthProxy: Fix user retrieval through cache.
- Alerting: Fix auto-completion snippets for KV properties.
- Alerting: Fix incorrect timing meta information for policy.
- Alerting: Add new Recording Rule button when the list is empty.
- Drawer: Clicking a Select arrow within a Drawer no longer causes it to close.
- Logs: Fix log samples not present with empty first frame.
- Alerting: Fix Recording Rule QueryEditor builder view.
- Transforms: Catch errors while running transforms.
- Dashboard: Fix version restore.
- Logs: Fix permalinks not scrolling into view.
- SqlDataSources: Update metricFindQuery to pass on scopedVars to templateSrv.
- Rendering: Fix dashboard screenshot.
- Loki: Fix validation of step values to also allow e.g. ms values.
- Dashboard: Fix repeated row panel placement with larger number of rows.
- CodeEditor: Correctly fires onChange handler.
- Drawer: Fix scrolling drawer content on Safari.
- Alerting: Remove dump wrapper for yaml config.
- Alerting: Always invalidate the AM config after mutation.
- Slug: Combine various slugify fixes for special character handling.
- Logs: Fix displaying the wrong field as body.
- Alerting: Fix "see graph button" for cloud rules.
Jenkins 2.421
- Add a nicer 404 error page.
- Add appearance system configuration page.
- Optimize performance of label parsing.
- Fix invalid CSS which caused some buttons to become invisible on hover.
- Message no longer appears twice when the agentLog option is used.
MongoDB 7.0.1
Security:
SERVER-78723: Resharding a QE collection fails because of __safeContent__
SERVER-78830: Add count of CSFLE and QE Collections to serverStatus
SERVER-79641: Mirrored read should attach encryptionInformation from the original command
Sharding:
SERVER-62987: Wrong replication logic on refreshes on secondary nodes
SERVER-67529: Resharding silently skips documents with all MaxKey values for their fields under the new shard key pattern
SERVER-78913: Make the periods of query sampling periodic jobs configurable at runtime
Query:
SERVER-80256: QueryPlannerAnalysis::explodeForSort should not assume that index scans produce disjoint results
Internals:
SERVER-71627: Refreshed cached collection route info will severely block all client request when a cluster with 1 million chunks
SERVER-73866: Re-enable agg_merge_when_not_matched_insert.js in config_fuzzer passthrough suites
SERVER-74701: Add checksum verification for blackduck installer
SERVER-75120: libunwind stacktrace issues with --dbg=on on arm64
SERVER-76299: Report writeConflicts in serverStatus on secondaries
SERVER-76339: Increase ShardedClusterFixture's timeout when starting/stopping balancer
SERVER-76433: Copy search_view.js test from 5.0 to all later branches
SERVER-77029: Set syncdelay in TestOplogTruncation before starting the checkpoint thread
SERVER-77183: $project followed by $group gives incorrect results sometimes
SERVER-77223: dbcheck_detects_data_corruption.js needs to wait for primary to log healthlog entry
SERVER-77382: Null embedded metaField for creating a time-series collection leads to invalid BSON index spec
SERVER-77823: Pseudocode for throughput probing
SERVER-78095: Relax the assertion checking for update_multifield_multiupdate.js FSM workload
SERVER-78217: Renaming view return wrong error on sharded cluster (2nd attempt)
SERVER-78369: ignoreUnknownIndexOptions doesn't account for the 'weights' index field
SERVER-78498: Make the balancer failpoint smarter
SERVER-78525: Update jstests/noPassthrough/metadata_size_estimate.js to use a smaller document size
SERVER-78696: Only clear shard filtering metadata before releasing the critical section in collmod participants
SERVER-78769: The asynchronous stop sequence of the Balancer may survive the shutdown of the mongod (and raise false memory leak notifications).
SERVER-78813: Commit point propagation fails indefinitely with exhaust cursors with null lastCommitted optime
SERVER-78862: Fix serialization of nested $elemMatch's
SERVER-78950: Use sequential time series bucket IDs when possible
SERVER-79021: Update Boost's entry in README.third_party.md to 1.79.0
SERVER-79022: Update ASIO's Git hash in README.third_party.md
SERVER-79023: Update C-Ares' entry in README.third_party.md to 1.19.1
SERVER-79033: Image collection invalidation for missing namespace during initial sync always attempts upsert
SERVER-79082: Make analyzeShardKey tests not assert number of orphaned documents <= total number of documents
SERVER-79103: Core dumps are not generated if stopping balancer fails
SERVER-79126: Pin pyyaml in another place
SERVER-79138: Fix data race in AuthorizationSessionTest fixture
SERVER-79236: Server cannot start in standalone if there are cluster parameters
SERVER-79252: Add the system-perf bootstrap file to the task Files section
SERVER-79261: Add logging to ping monitor
SERVER-79316: [7.0] Do not run packager on dynamically linked variants
SERVER-79357: CheckMetadataConsistency is not reading chunks with snapshot read concern
SERVER-79370: Throughput probing statistics not always updated correctly
SERVER-79372: Fix incorrect assertion about number of cursors opened
SERVER-79382: Reset bucket OID counter when encountering a collision
SERVER-79397: Fix and test logic to internally retry time series inserts on OID collision
SERVER-79447: The balancer stop sequence may cause the config server to crash on step down
SERVER-79509: Add testing of transitional FCVs with removeShard and transitionToDedicatedConfigServer
SERVER-79515: Update task generator
SERVER-79607: ShardRegistry shutdown should not wait indefinitely on outstanding network requests
SERVER-79609: Fix findAndModify_upsert.js test to accept StaleConfig error
SERVER-79651: Only use two node replicasets in initial sync performance tests
SERVER-79777: Increase the diff window for the sample size in sample_rate_sharded.js
SERVER-79885: Oplog fetching getMore should not set null lastKnownCommittedOpTime if it is not using exhaust cursors
SERVER-79937: Avoid majority reads within the BalancerDefragmentationPolicy
SERVER-79944: Make analyze_shard_key.js not assert that the number of sampled queries observed via analyzeShardKey and $listSampledQueries is non-decreasing
SERVER-79950: Fix commitPreparedTransaction to not be interruptible in commitSplitTxn and reacquireTicket
SERVER-79981: resize_tickets.js fails in Fixed Concurrent Transactions test suite
SERVER-80153: UBsan core dumps are not being uploaded properly
SERVER-80183: Remove operationTime check from store_retryable_find_and_modify_images_in_side_collection.js
SERVER-80207: Use 4-byte counter for tracking time series bucket direct writes
WT-10714: Select an explicitly labeled perf distro for performance tests
WT-11202: Remove the connection level operation_timeout_ms configuration
WT-11221: Python tests fails due to unexpected "Eviction took more than 1 minute" warning in standard output
WT-11312: Fix incorrect flag check for accurate force eviction stat
WT-11359: Update spinlock tasks to limit disk usage
WT-11419: Increment cc_pages_removed when detecting a deleted page to remove
PHP Interpreter 8.2.10
CLI:
Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1).
Fixed bug GH-10964 (Improve man page about the built-in server).
Date:
Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are passed in).
Core:
Fixed strerror_r detection at configuration time.
Fixed trait typed properties using a DNF type not being correctly bound.
Fixed trait property types not being arena allocated if copied from an internal trait.
Fixed deep copy of property DNF type during lazy class load.
Fixed memory freeing of DNF types for non arena allocated types.
DOM:
Fix DOMEntity field getter bugs.
Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
Fix DOMCharacterData::replaceWith() with itself.
Fix empty argument cases for DOMParentNode methods.
Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
Fix json_encode result on DOMDocument.
Fix manually calling __construct() on DOM classes.
Fixed bug GH-11830 (ParentNode methods should perform their checks upfront).
Fix viable next sibling search for replaceWith.
Fix segfault when DOMParentNode::prepend() is called when the child disappears.
FFI:
Fix leaking definitions when using FFI::cdef()->new(...).
Hash:
Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature.
MySQLnd:
Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL).
Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters).
Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault).
Fixed invalid error message "Malformed packet" when connection is dropped.
Opcache:
Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong).
Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress.
PCNTL:
Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22.
SPL:
Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
Standard:
Prevent int overflow on $decimals in number_format.
Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro)
Ceph 16.2.14
backport PR #39607
blk/kernel: Fix error code mapping in KernelDevice::read
blk/KernelDevice: Modify the rotational and discard check log message
build: Remove ceph-libboost* packages in install-deps
ceph-volume: fix a bug in get_lvm_fast_allocs() (batch)
ceph-volume: fix batch refactor issue
ceph-volume: fix drive-group issue that expects the batch_args to be a string
ceph-volume: quick fix in zap.py
ceph-volume: set lvm membership for mpath type devices
ceph_test_rados_api_watch_notify: extend Watch3Timeout test
ceph_volume: support encrypted volumes for lvm new-db/new-wal/migrate commands
cephadm: eliminate duplication of sections
cephadm: mount host /etc/hosts for daemon containers in podman deployments
cephadm: reschedule haproxy from an offline host
cephadm: using ip instead of short hostname for prometheus urls
cephfs-top: check the minimum compatible python version
cephfs-top: dump values to stdout and -d [--delay] option fix
cephfs-top: navigate to home screen when no fs
cephfs-top: Some fixes in choose_field() for sorting
client: clear the suid/sgid in fallocate path
client: do not dump mds twice in Inode::dump()
client: do not send metrics until the MDS rank is ready
client: force sending cap revoke ack always
client: only wait for write MDS OPs when unmounting
client: trigger to flush the buffer when making snapshot
client: use deep-copy when setting permission during make_request
client: wait rename to finish
cls/queue: use larger read chunks in queue_list_entries
common/crc32c_aarch64: fix crc32c unittest failed on aarch64
common/TrackedOp: fix osd reboot optracker coredump
common: notify all when max backlog reached in OutputDataSocket
common: Use double instead of long double to improve performance
Consider setting “bulk” autoscale pool flag when automatically creating a data pool for CephFS
debian: install cephfs-mirror systemd unit files and man page
do not evict clients if OSDs are laggy
doc/cephadm: Revert “doc/cephadm: update about disabling logging to journald for quincy”
doc/cephfs: edit fs-volumes.rst (1 of x)
doc/cephfs: explain cephfs data and metadata set
doc/cephfs: fix prompts in fs-volumes.rst
doc/cephfs: line-edit “Mirroring Module”
doc/cephfs: rectify prompts in fs-volumes.rst
doc/cephfs: repairing inaccessible FSes
doc/dev/encoding.txt: update per std::optional
doc/glossary: update bluestore entry
doc/mgr: edit “leaderboard” in telemetry.rst
doc/mgr: update prompts in prometheus.rst
doc/rados/operations: Acting Set question
doc/rados/operations: Fix erasure-code-jerasure.rst fix
doc/rados/ops: edit user-management.rst (3 of x)
doc/rados: edit balancer.rst
doc/rados: edit bluestore-config-ref.rst (1 of x)
doc/rados: edit bluestore-config-ref.rst (2 of x)
doc/rados: edit data-placement.rst
doc/rados: edit devices.rst
doc/rados: edit filestore-config-ref.rst
doc/rados: edit stretch-mode procedure
doc/rados: edit stretch-mode.rst
doc/rados: edit stretch-mode.rst
doc/rados: edit user-management (2 of x)
doc/rados: fix link in common.rst
doc/rados: line-edit devices.rst
doc/rados: m-config-ref: edit “background”
doc/rados: stretch-mode.rst (other commands)
doc/rados: stretch-mode: stretch cluster issues
doc/radosgw: explain multisite dynamic sharding
doc/radosgw: rabbitmq - push-endpoint edit
doc/start/os-recommendations: drop 4.14 kernel and reword guidance
doc/start: edit first 150 lines of documenting-ceph
doc/start: fix “Planet Ceph” link
doc/start: KRBD feature flag support note
doc/start: rewrite intro paragraph
doc: add link to “documenting ceph” to index.rst
doc: Add missing ceph command in documentation section REPLACING A…
doc: deprecate the cache tiering
doc: document the relevance of mds_namespace mount option
doc: explain cephfs mirroring peer_add step in detail
doc: Update jerasure.org references
doc: update multisite doc
doc: Use ceph osd crush tree command to display weight set weights
kv/RocksDBStore: Add CompactOnDeletion support
kv/RocksDBStore: cumulative backport for rm_range_keys and around (
kv/RocksDBStore: don’t use real wholespace iterator for prefixed access
librados: aio operate functions can set times
librbd/managed_lock/GetLockerRequest: Fix no valid lockers case
librbd: avoid decrementing iterator before first element
librbd: avoid object map corruption in snapshots taken under I/O
librbd: don’t wait for a watch in send_acquire_lock() if client is blocklisted
librbd: localize snap_remove op for mirror snapshots
librbd: remove previous incomplete primary snapshot after successfully creating a new one
log: writes to stderr (pipe) may not be atomic
MDS imported_inodes metric is not updated
mds: adjust cap acquisition throttles
mds: allow unlink from lost+found directory
mds: display sane hex value (0x0) for empty feature bit
mds: do not send split_realms for CEPH_SNAP_OP_UPDATE msg
mds: do not take the ino which has been used
mds: fix cpu_profiler asok crash
mds: fix stray evaluation using scrub and introduce new option
mds: Fix the linkmerge assert check
mds: force replay sessionmap version
mds: make num_fwd and num_retry to __u32
mds: MDLog::_recovery_thread: handle the errors gracefully
mds: rdlock_path_xlock_dentry supports returning auth target inode
mds: record and dump last tid for trimming completed requests (or flushes)
mds: skip forwarding request if the session were removed
mds: update mdlog perf counters during replay
mds: wait for unlink operation to finish
mds: wait reintegrate to finish when unlinking
mgr/cephadm: Adding --storage.tsdb.retention.size prometheus option
mgr/cephadm: don’t try to write client/os tuning profiles to known offline hosts
mgr/cephadm: support for miscellaneous config files for daemons
mgr/dashboard: allow PUT in CORS
mgr/dashboard: API docs UI does not work with Angular dev server
mgr/dashboard: expose more grafana configs in service form
mgr/dashboard: Fix broken Fedora image URL
mgr/dashboard: Fix rbd snapshot creation
mgr/dashboard: fix the rbd mirroring configure check
mgr/dashboard: move cephadm e2e cleanup to jenkins job config
mgr/dashboard: rbd-mirror force promotion
mgr/dashboard: skip Create OSDs step in Cluster expansion
mgr/dashboard: SSO error: AttributeError: ‘str’ object has no attribute ‘decode’
mgr/nfs: disallow non-existent paths when creating export
mgr/orchestrator: fix device size in orch device ls output
mgr/rbd_support: fixes related to recover from rados client blocklisting
mgr/snap_schedule: add debug log for paths failing snapshot creation
mgr/snap_schedule: catch all exceptions for cli
mgr/volumes: avoid returning -ESHUTDOWN back to cli
mgr: store names of modules that register RADOS clients in the MgrMap
MgrMonitor: batch commit OSDMap and MgrMap mutations
mon/ConfigMonitor: update crush_location from osd entity
mon/MDSMonitor: batch last_metadata update with pending
mon/MDSMonitor: check fscid in pending exists in current
mon/MDSMonitor: do not propose on error in prepare_update
mon/MDSMonitor: ignore extraneous up:boot messages
mon/MonClient: before complete auth with error, reopen session
mon: avoid exception when setting require-osd-release more than 2 versions up
mon: block osd pool mksnap for fs pools
Monitor: forward report command to leader
orchestrator: add --no-destroy arg to ceph orch osd rm
os/bluestore: allocator’s cumulative backport
os/bluestore: allow ‘fit_to_fast’ selector for single-volume osd
os/bluestore: cumulative bluefs backport
os/bluestore: don’t need separate variable to mark hits when lookup oid
os/bluestore: fix spillover alert
os/bluestore: proper override rocksdb::WritableFile::Allocate
os/bluestore: report min_alloc_size through “ceph osd metadata”
osd/OSDCap: allow rbd.metadata_list method under rbd-read-only profile
OSD: Fix check_past_interval_bounds()
pybind/argparse: blocklist ip validation
pybind/mgr/pg_autoscaler: Reorderd if statement for the func: _maybe_adjust
pybind: drop GIL during library callouts
python-common: drive_selection: fix KeyError when osdspec_affinity is not set
qa/rgw: add POOL_APP_NOT_ENABLED to log-ignorelist
qa/suites/rados: remove rook coverage from the rados suite
qa/suites/rbd: install qemu-utils in addition to qemu-block-extra on Ubuntu
qa/suites/upgrade/octopus-x: skip TestClsRbd.mirror_snapshot test
qa: check each fs for health
qa: data-scan/journal-tool do not output debugging in upstream testing
qa: fix cephfs-mirror unwinding and ‘fs volume create/rm’ order
qa: mirror tests should cleanup fs during unwind
qa: run scrub post file system recovery
qa: test_simple failure
qa: use parallel gzip for compressing logs
qa: wait for MDSMonitor tick to replace daemons
radosgw-admin: try reshard even if bucket is resharding
rbd-mirror: fix image replayer shut down description on force promote
rbd-mirror: fix race preventing local image deletion
rgw/rados: check_quota() uses real bucket owner
rgw/s3: dump Message field in Error response even if empty
rgw: avoid string_view to temporary in RGWBulkUploadOp
rgw: fix consistency bug with OLH objects
rgw: LDAP fix resource leak with wrong credentials
rgw: under fips & openssl 3.x allow md5 usage in select rgw ops
src/valgrind.supp: Adding know leaks unrelated to ceph
src/valgrind.supp: Adding know leaks unrelated to ceph
test: correct osd pool default size
test: monitor thrasher wait until quorum
tests: remove pubsub tests from multisite
tools/ceph-dencoder: Fix incorrect type define for trash_watcher
tools/ceph-kvstore-tool: fix segfaults when repair the rocksdb
tools/cephfs-data-scan: support for multi-datapool
vstart: check mgr status after starting mgr
Wip nitzan fixing few rados/test.sh
qa: add subvolume option flavors
Ansible AWX 23.0.0
- Revert "Improve performance for awx cli export
- Fixed typos
- Schedule rruleset fix related #13446
- Update python-tss-sdk dependency
- Fix UI_NEXT build process broken
- Fixed task and web docs
- Fix ui-next build step file path issue
- Added required epoc time field for Splunk HEC Event Receiver
- Fix edit constructed inventory hanging loading state
- Add location for locales in nginx config
- Update cryptography for CVE-2023-38325
- AAP-10891 Apply AWX_TASK_ENV when performing credential plugin lookups
- Enforce mutually exclusive options in credential module of the collection
- Clarify that the license module requires fetching subs prior
- Fix default redis url to pass check in redis-py>4.4
- Fix typo in description of scm_update_on_launch
- Fix CVE-2023-40267
- Touchup of PR body checks
- Hop nodes for k8s