Merged
1 change: 1 addition & 0 deletions migration_toolkit_for_containers/mtc-release-notes.adoc
Expand Up @@ -16,6 +16,7 @@ You can migrate from xref:../migrating_from_ocp_3_to_4/about-migrating-from-3-to

For information on the support policy for {mtc-short}, see link:https://access.redhat.com/support/policy/updates/openshift#app_migration[OpenShift Application and Cluster Migration Solutions], part of the _Red Hat {product-title} Life Cycle Policy_.

include::modules/migration-mtc-release-notes-1-8-2.adoc[leveloffset=+1]
include::modules/migration-mtc-release-notes-1-8-1.adoc[leveloffset=+1]
include::modules/migration-mtc-release-notes-1-8.adoc[leveloffset=+1]
include::modules/migration-mtc-release-notes-1-7-14.adoc[leveloffset=+1]
33 changes: 33 additions & 0 deletions modules/migration-mtc-release-notes-1-8-2.adoc
@@ -0,0 +1,33 @@
// Module included in the following assemblies:
//
// * migration_toolkit_for_containers/mtc-release-notes.adoc
:_mod-docs-content-type: REFERENCE
[id="migration-mtc-release-notes-1-8-2_{context}"]
= {mtc-full} 1.8.2 release notes

[id="resolved-issues-1-8-2_{context}"]
== Resolved issues

This release has the following major resolved issues:

.Backup phase fails after setting custom CA replication repository

In previous releases of {mtc-full} ({mtc-short}), after editing the replication repository, adding a custom CA certificate, successfully connecting the repository, and triggering a migration, a failure occurred during the backup phase.

.CVE-2023-26136: tough-cookie package before 4.1.3 are vulnerable to Prototype Pollution

In previous releases of ({mtc-short}), versions before 4.1.3 of the `tough-cookie` package used in {mtc-short} were vulnerable to prototype pollution. This vulnerability occurred because CookieJar did not handle cookies properly when the value of the `rejectPublicSuffixes` was set to `false`.

For more details, see link:https://access.redhat.com/security/cve/cve-2023-26136[(CVE-2023-26136)]

.CVE-2022-25883 openshift-migration-ui-container: nodejs-semver: Regular expression denial of service

In previous releases of ({mtc-short}), versions of the `semver` package before 7.5.2, used in {mtc-short}, were vulnerable to Regular Expression Denial of Service (ReDoS) from the function `newRange`, when untrusted user data was provided as a range.

For more details, see link:https://access.redhat.com/security/cve/cve-2022-25883[(CVE-2022-25883)]


[id="known-issues-1-8-2_{context}"]
== Known issues

There are no major known issues in this release.
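Review bot: Both CVE paragraphs open with "In previous releases of ({mtc-short})", which renders as a bare parenthesised abbreviation because, unlike the backup-phase paragraph, no {mtc-full} precedes it; drop the parentheses or write "{mtc-full} ({mtc-short})" as the first entry does. In the semver entry, `newRange` is marked up as a single identifier, but the affected code path is the `Range` constructor invoked as `new Range`, so it should be written that way. Smaller points: the tough-cookie title has a subject-verb mismatch ("package before 4.1.3 are vulnerable"), "the value of the `rejectPublicSuffixes`" is missing a noun such as "option", the second CVE title lacks the colon after the CVE ID that the first one has, both "For more details" sentences end without a period and put the parentheses inside the link text, and the backup-phase entry has no tracker link and does not say what changed to resolve it.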
25 changes: 25 additions & 0 deletions modules/migration-mtc-release-notes-1-8.adoc
Expand Up @@ -45,6 +45,31 @@ In this release, on migrating an application including a `BuildConfig` from a so
In this release, after enabling `Require SSL verification` and adding content to the CA bundle file for an MCG NooBaa bucket in MigStorage, the connection fails as expected. However, when reverting these changes by removing the CA bundle content and clearing `Require SSL verification`, the connection still fails. The issue is only resolved by deleting and re-adding the repository. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2240052[*BZ#2240052*])


.Backup phase fails after setting custom CA replication repository

In ({mtc-short}), after editing the replication repository, adding a custom CA certificate, successfully connecting the repository, and triggering a migration, a failure occurs during the backup phase.

This issue is resolved in {mtc-short} 1.8.2.


.CVE-2023-26136: tough-cookie package before 4.1.3 are vulnerable to Prototype Pollution

Versions before 4.1.3 of the `tough-cookie` package, used in {mtc-short}, are vulnerable to prototype pollution. This vulnerability occurs because CookieJar does not handle cookies properly when the value of the `rejectPublicSuffixes` is set to `false`.

This issue is resolved in {mtc-short} 1.8.2.

For more details, see link:https://access.redhat.com/security/cve/cve-2023-26136[(CVE-2023-26136)]


.CVE-2022-25883 openshift-migration-ui-container: nodejs-semver: Regular expression denial of service

In previous releases of ({mtc-short}), versions of the `semver` package before 7.5.2, used in {mtc-short}, are vulnerable to Regular Expression Denial of Service (ReDoS) from the function `newRange`, when untrusted user data is provided as a range.

This issue is resolved in {mtc-short} 1.8.2.

For more details, see link:https://access.redhat.com/security/cve/cve-2022-25883[(CVE-2022-25883)]


[id="technical-changes-1-8_{context}"]
== Technical changes
