From b1916f81e2a598b41ab7281259c78715d7e46955 Mon Sep 17 00:00:00 2001
From: Tim Burke
Date: Mon, 30 Jan 2023 13:24:20 -0800
Subject: Authors/ChangeLog for 2.28.1

Drop the openstacksdk-functional-devstack for now, as it's currently broken and immediate attempts to fix it have not succeeded.

Change-Id: Ic21cf8ab9e7abce4eabcfa57c49de6d2d011608e
---
 .zuul.yaml | 6 ++++++
 AUTHORS | 3 +++
 CHANGELOG | 20 +++++++++++++++++-
 .../notes/2_28_1_release-f71f8c034dd44ce7.yaml | 24 ++++++++++++++++++++++
 4 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml

diff --git a/.zuul.yaml b/.zuul.yaml
index 63fe83a53..9cd219cd3 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -718,6 +718,9 @@
 irrelevant-files: *tempest-irrelevant-files
 - grenade:
 irrelevant-files: *tempest-irrelevant-files
+ - openstacksdk-functional-devstack:
+ irrelevant-files: *tempest-irrelevant-files
+ voting: false
 gate:
 jobs:
 # For gate jobs, err towards running more jobs (so, generally avoid
@@ -758,6 +761,9 @@
 irrelevant-files: *tempest-irrelevant-files
 - grenade:
 irrelevant-files: *tempest-irrelevant-files
+ - openstacksdk-functional-devstack:
+ irrelevant-files: *tempest-irrelevant-files
+ voting: false
 experimental:
 jobs:
 - swift-tox-py27-centos-7
diff --git a/AUTHORS b/AUTHORS
index bc59baf2d..678564c96 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -63,6 +63,7 @@ aolivo (aolivo@blizzard.com)
 Arnaud JOST (arnaud.jost@ovh.net)
 arzhna (arzhna@gmail.com)
 Atsushi Sakai (sakaia@jp.fujitsu.com)
+Aymeric Ducroquetz (aymeric.ducroquetz@ovhcloud.com)
 Azhagu Selvan SP (tamizhgeek@gmail.com)
 baiwenteng (baiwenteng@inspur.com)
 Ben Keller (bjkeller@us.ibm.com)
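Review bot: The added entries make openstacksdk-functional-devstack a non-voting job in the check pipeline (this hunk) and again in the gate pipeline (the second hunk of this file), while the commit message says the job is dropped; a non-voting job still runs on every change, and in gate a non-voting result cannot block a merge, so either leave the job out of the gate list or state why it is kept there. Nothing in either hunk records why the job is non-voting or when it should return to voting, so a comment above each entry such as `# Non-voting: job is currently broken; restore voting once it is fixed.` would keep the reason next to the setting. If the job is also pulled in by a project template elsewhere in the file, the explicit listing here may be what overrides its voting status, but that context is outside the hunk.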
@@ -267,6 +268,7 @@ liujiong (liujiong@gohighsec.com)
 liuyamin (liuyamin@fiberhome.com)
 Lokesh S (lokesh.s@hp.com)
 Lorcan Browne (lorcan.browne@hpe.com)
+Luciano Lo Giudice (luciano.logiudice@canonical.com)
 Luis de Bethencourt (luis@debethencourt.com)
 Luong Anh Tuan (tuanla@vn.fujitsu.com)
 lvxianguo (lvxianguo@inspur.com)
@@ -288,6 +290,7 @@ Mathias Bjoerkqvist (mbj@zurich.ibm.com)
 Matt Kassawara (mkassawara@gmail.com)
 Matt Riedemann (mriedem@us.ibm.com)
 Matthew Oliver (matt@oliver.net.au)
+Matthew Vernon (mvernon@wikimedia.org)
 Matthieu Huin (mhu@enovance.com)
 Mauro Stettler (mauro.stettler@gmail.com)
 Mehdi Abaakouk (sileht@redhat.com)
diff --git a/CHANGELOG b/CHANGELOG
index ab49034b5..2c84082ce 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,22 @@
-swift (2.28.0)
+swift (2.28.1, xena stable backports)
 
+ * Fixed a security issue in how `s3api` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to CVE-2022-47950 for more information.
+
+ * Constant-time string comparisons are now used when checking S3 API
+ signatures.
+
+ * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some `domain_remap` requests to be routed to
+ the wrong object.
+
+ * Improved compatibility with certain FIPS-mode-enabled systems.
+
+ * Ensure that non-durable data and .meta files are purged from handoffs
+ after syncing.
+
+
+swift (2.28.0, OpenStack Xena)
 
 * Sharding improvements:
diff --git a/releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml b/releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml
new file mode 100644
index 000000000..a4da8a1e0
--- /dev/null
+++ b/releasenotes/notes/2_28_1_release-f71f8c034dd44ce7.yaml
@@ -0,0 +1,24 @@
+---
+security:
+ - |
+ Fixed a security issue in how ``s3api`` handles XML parsing that allowed
+ authenticated S3 clients to read arbitrary files from proxy servers.
+ Refer to `CVE-2022-47950 `__
+ for more information.
+
+ - |
+ Constant-time string comparisons are now used when checking S3 API
+ signatures.
+
+fixes:
+ - |
+ Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
+ and 3.10.6 that could cause some ``domain_remap`` requests to be routed to
+ the wrong object.
+
+ - |
+ Improved compatibility with certain FIPS-mode-enabled systems.
+
+ - |
+ Ensure that non-durable data and .meta files are purged from handoffs
+ after syncing.
-- 
cgit v1.2.1