Security Bugfix Release
·
3045 commits
to master
since this release
RELEASE.2021-12-27T07-23-18Z
This tag was signed with the committer’s verified signature.
Highlights
- Click here to download the latest version of MinIO.
- Click here for production support.
- Similar to release RELEASE.2021-11-24T23-19-33Z. Downgrades are not supported in this release for erasure-coded clusters, due to on-disk data format version bump - once upgraded erasure-coded clusters cannot be downgraded to the previous release. Please upgrade staging or testing environments first.
- Priviledge escalation issue fixed in this release refer to our security advisory on this vulnerability. All users are advised to upgrade if they are public facing deployment. CVE-2021-43858
- Healing of shards that do not have aligned padding issue are fixed automatically in two locations one in "healing" and another during a "GetObject()" call - refer #13978, #13945
- Multi-pool setup should purge the dangling objects properly.
What's Changed
- Move last remaining IAM notification calls into IAMSys methods by @donatello in #13941
- skip inconsistent shards if possible by @harshavardhana in #13945
- return a meaningful error for disabled users by @harshavardhana in #13968
- Limit mySQL key size to 3K by @klauspost in #13974
- add configurable delta for skipping shards by @harshavardhana in #13967
- fix: user privilege escalation bug by @donatello in #13976
- simplify logger time and avoid possible crashes by @harshavardhana in #13986
- add healing for invalid shards by skipping the blocks by @harshavardhana in #13978
- fix: healing across pools removing dangling objects by @harshavardhana in #13990
- trim values from environment files by @harshavardhana in #13991
Full Changelog: RELEASE.2021-12-20T22-07-16Z...RELEASE.2021-12-27T07-23-18Z
Contributors
donatello, harshavardhana, and klauspost