20 Apr
2021
20 Apr
'21
8:56 a.m.
This is the 20th bugfix release in the Nautilus stable series. It
addresses a security vulnerability in the Ceph authentication framework.
We recommend users to update to this release. For a detailed release
notes with links & changelog please refer to the official blog entry at
https://ceph.io/releases/v14-2-20-nautilus-released
Security Fixes
--------------
* This release includes a security fix that ensures the global_id value
(a numeric value that should be unique for every authenticated client or
daemon in the cluster) is reclaimed after a network disconnect or ticket
renewal in a secure fashion. Two new health alerts may appear during
the upgrade indicating that there are clients or daemons that are not
yet patched with the appropriate fix.
Getting Ceph
------------
* Git at git://github.com/ceph/ceph.git
* Tarball at http://download.ceph.com/tarballs/ceph-14.2.20.tar.gz
* For packages, see http://docs.ceph.com/docs/master/install/get-packages/
* Release git sha1: 36274af6eb7f2a5055f2d53ad448f2694e9046a0
20 Apr
20 Apr
6:25 p.m.
New subject: [Ceph-maintainers] v14.2.20 Nautilus released
On Tue, Apr 20, 2021 at 2:01 AM David Galloway <dgallowa(a)redhat.com> wrote:
This is the 20th bugfix release in the Nautilus stable series. It
addresses a security vulnerability in the Ceph authentication framework.
We recommend users to update to this release. For a detailed release
notes with links & changelog please refer to the official blog entry at
https://ceph.io/releases/v14-2-20-nautilus-released
Security Fixes
--------------
* This release includes a security fix that ensures the global_id value
(a numeric value that should be unique for every authenticated client or
daemon in the cluster) is reclaimed after a network disconnect or ticket
renewal in a secure fashion. Two new health alerts may appear during
the upgrade indicating that there are clients or daemons that are not
yet patched with the appropriate fix.
The link in the blog entry should point at
https://docs.ceph.com/en/latest/security/CVE-2021-20288/
Please refer there for details and recommendations.
Thanks,
Ilya
6:30 p.m.
New subject: [ceph-users] Re: [Ceph-maintainers] v14.2.20 Nautilus released
On Tue, Apr 20, 2021 at 11:26 AM Ilya Dryomov <idryomov(a)gmail.com> wrote:
On Tue, Apr 20, 2021 at 2:01 AM David Galloway <dgallowa(a)redhat.com> wrote:
Thanks Ilya.
Is there any potential issue if clients upgrade before the cluster daemons?
(Our clients will likely get 14.2.20 before all the clusters have been
upgraded).
Cheers, Dan
This is the 20th bugfix release in the Nautilus stable series. It
addresses a security vulnerability in the Ceph authentication framework.
We recommend users to update to this release. For a detailed release
notes with links & changelog please refer to the official blog entry at
https://ceph.io/releases/v14-2-20-nautilus-released
Security Fixes
--------------
* This release includes a security fix that ensures the global_id value
(a numeric value that should be unique for every authenticated client or
daemon in the cluster) is reclaimed after a network disconnect or ticket
renewal in a secure fashion. Two new health alerts may appear during
the upgrade indicating that there are clients or daemons that are not
yet patched with the appropriate fix.
The link in the blog entry should point at
https://docs.ceph.com/en/latest/security/CVE-2021-20288/
Please refer there for details and recommendations.
7 p.m.
New subject: [ceph-users] Re: [Ceph-maintainers] v14.2.20 Nautilus released
On Tue, Apr 20, 2021 at 11:30 AM Dan van der Ster <dan(a)vanderster.com> wrote:
On Tue, Apr 20, 2021 at 11:26 AM Ilya Dryomov <idryomov(a)gmail.com> wrote:
No issue. Userspace clients would just start doing what is expected
by the protocol, same as kernel clients.
Ilya
On Tue, Apr 20, 2021 at 2:01 AM David Galloway <dgallowa(a)redhat.com> wrote:
Thanks Ilya.
Is there any potential issue if clients upgrade before the cluster daemons?
(Our clients will likely get 14.2.20 before all the clusters have been
upgraded).
This is the 20th bugfix release in the Nautilus stable series. It
addresses a security vulnerability in the Ceph authentication framework.
We recommend users to update to this release. For a detailed release
notes with links & changelog please refer to the official blog entry at
https://ceph.io/releases/v14-2-20-nautilus-released
Security Fixes
--------------
* This release includes a security fix that ensures the global_id value
(a numeric value that should be unique for every authenticated client or
daemon in the cluster) is reclaimed after a network disconnect or ticket
renewal in a secure fashion. Two new health alerts may appear during
the upgrade indicating that there are clients or daemons that are not
yet patched with the appropriate fix.
The link in the blog entry should point at
https://docs.ceph.com/en/latest/security/CVE-2021-20288/
Please refer there for details and recommendations.
1105
days inactive
1106
days old
3 comments
3 participants
participants (3)
-
Dan van der Ster -
David Galloway -
Ilya Dryomov