Diffstat (limited to 'CHANGELOG')
-rw-r--r-- CHANGELOG 20
1 files changed, 19 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index ab49034b5..2c84082ce 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,22 @@
-swift (2.28.0)
+swift (2.28.1, xena stable backports)
+ * Fixed a security issue in how `s3api` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to CVE-2022-47950 for more information.
+
+ * Constant-time string comparisons are now used when checking S3 API
+ signatures.
+
+ * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some `domain_remap` requests to be routed to
+ the wrong object.
+
+ * Improved compatibility with certain FIPS-mode-enabled systems.
+
+ * Ensure that non-durable data and .meta files are purged from handoffs
+ after syncing.
+
+
+swift (2.28.0, OpenStack Xena)
* Sharding improvements:
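Review bot: The constant-time comparison entry in the new 2.28.1 block does not say whether it closes a security issue or is hardening only, while the s3api entry directly above it is explicitly labelled a security issue with a CVE reference. Say which it is, so operators reading the changelog can judge how urgent the backport is. In the same block, "a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14, and 3.10.6" is ambiguous about whether the bug lives in Swift or in Python; rewording it to say the problem appears when running on those Python releases would make clear who is affected. "certain FIPS-mode-enabled systems" gives a reader no way to tell whether their system is covered; name the condition or point to the relevant change.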