On Thu, Nov 19, 2020 at 3:39 AM David Galloway <dgallowa(a)redhat.com> wrote:
This is the 6th backport release in the Octopus series. This releases
fixes a security flaw affecting Messenger V2 for Octopus & Nautilus. We
recommend users to update to this release.
Notable Changes
---------------
* CVE 2020-25660: Fix a regression in Messenger V2 replay attacks
Correction: In Octopus, both Messenger v1 and Messenger v2 are
affected. The release note will be fixed in [1].
[1]
https://github.com/ceph/ceph/pull/38142
Thanks,
Ilya