author Tim Burke <tim.burke@gmail.com> 2023-01-30 13:24:20 -0800
committer Tim Burke <tim.burke@gmail.com> 2023-01-30 15:23:08 -0800
commit fbec7694e554252f685f82ff2a895f86ab5ae8b1
tree d1a1be4a06662a313cfc965dc143a2f3d1312a61
parent 041cb672e8af71ba9622d22ed4c675f437b26753
Authors/ChangeLog for 2.30.1 (tag: 2.30.1)
Change-Id: I4786371314daa3f37e33f97defed43d1cec887ba
-rw-r--r-- .mailmap 1
-rw-r--r-- AUTHORS 3
-rw-r--r-- CHANGELOG 13
-rw-r--r-- releasenotes/notes/2_30_1_release-856dd70ec466aa74.yaml 13
4 files changed, 28 insertions, 2 deletions
diff --git a/.mailmap b/.mailmap
index aca9442b6..6cdf3a93c 100644
--- a/.mailmap
+++ b/.mailmap
@@ -134,3 +134,4 @@ Gilles Biannic <gilles.biannic@corp.ovh.com> gillesbiannic
melissaml <ma.lei@99cloud.net> <malei@maleideMacBook-Pro.local>
Ashwin Nair <nairashwin952013@gmail.com> indianwhocodes
Romain de Joux <romain.de-joux@ovhcloud.com> <romain.de-joux@corp.ovh.com>
+Takashi Natsume <takanattie@gmail.com> <natsume.takashi@lab.ntt.co.jp>
diff --git a/AUTHORS b/AUTHORS
index f28613ad8..a035ea779 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -40,6 +40,7 @@ Aaron Rosen (arosen@nicira.com)
Ade Lee (alee@redhat.com)
Adrian Smith (adrian_f_smith@dell.com)
Adrien Pensart (adrien.pensart@corp.ovh.com)
+afariasa (afariasa@redhat.com)
Akihiro Motoki (amotoki@gmail.com)
Akihito Takai (takaiak@nttdata.co.jp)
Alex Gaynor (alex.gaynor@gmail.com)
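Review bot: the added `afariasa (afariasa@redhat.com)` line lists a login handle where every neighbouring entry gives a full name. If the contributor's name is known, use it here and add a `.mailmap` line mapping the handle to it, the way the existing `.mailmap` entries ending in `gillesbiannic` and `indianwhocodes` do.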
@@ -399,7 +400,7 @@ Steve Martinelli (stevemar@ca.ibm.com)
Steven Lang (Steven.Lang@hgst.com)
Sushil Kumar (sushil.kumar2@globallogic.com)
Takashi Kajinami (tkajinam@redhat.com)
-Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
+Takashi Natsume (takanattie@gmail.com)
TheSriram (sriram@klusterkloud.com)
Thiago da Silva (thiagodasilva@gmail.com)
Thibault Person (thibault.person@ovhcloud.com)
diff --git a/CHANGELOG b/CHANGELOG
index 08bed3d35..23832f2cf 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,15 @@
-swift (2.30.0)
+swift (2.30.1, zed stable backports)
+
+ * Fixed a security issue in how `s3api` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to CVE-2022-47950 for more information.
+
+ * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some `domain_remap` requests to be routed to
+ the wrong object.
+
+
+swift (2.30.0, OpenStack Zed)
* Sharding improvements
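Review bot: the security entry at the top of the new 2.30.1 section states the impact and the CVE number but gives operators nothing to act on beyond upgrading. Since the issue let authenticated S3 clients read arbitrary files from proxy servers, consider adding a sentence that says the exposure applies where `s3api` is in use and that secrets stored in files readable by the proxy process should be treated as potentially disclosed. The author should confirm both points before adding them.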
diff --git a/releasenotes/notes/2_30_1_release-856dd70ec466aa74.yaml b/releasenotes/notes/2_30_1_release-856dd70ec466aa74.yaml
new file mode 100644
index 000000000..a9c13102d
--- /dev/null
+++ b/releasenotes/notes/2_30_1_release-856dd70ec466aa74.yaml
@@ -0,0 +1,13 @@
+---
+security:
+ - |
+ Fixed a security issue in how ``s3api`` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to `CVE-2022-47950 <https://cve.circl.lu/cve/CVE-2022-47950>`__
+ for more information.
+
+fixes:
+ - |
+ Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some ``domain_remap`` requests to be routed to
+ the wrong object.
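Review bot: the CVE link in the `security` item points at cve.circl.lu, a third-party mirror. Prefer the project's own security advisory or the canonical CVE record, so the release note does not depend on an external site staying available. The matching CHANGELOG entry carries the same text with no link at all, so it would help to give both the same reference.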