glusterdocs/docs/release-notes/4.1.6.md

Release notes for Gluster 4.1.6

This is a bugfix release. The release notes for 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4 and 4.1.5 contains a listing of all the new features that were added and bugs fixed in the GlusterFS 4.1 stable release.

NOTE: Next minor release tentative date: Week of 20th January, 2019

Major changes, features and limitations addressed in this release

This release contains fixes for several security vulnerabilities in Gluster as follows,

• https://nvd.nist.gov/vuln/detail/CVE-2018-14651
• https://nvd.nist.gov/vuln/detail/CVE-2018-14652
• https://nvd.nist.gov/vuln/detail/CVE-2018-14653
• https://nvd.nist.gov/vuln/detail/CVE-2018-14654
• https://nvd.nist.gov/vuln/detail/CVE-2018-14659
• https://nvd.nist.gov/vuln/detail/CVE-2018-14660
• https://nvd.nist.gov/vuln/detail/CVE-2018-14661

Major issues

None

Bugs addressed

Bugs addressed since release-4.1.5 are listed below.

• #1632013: georep: hard-coded paths in gsyncd.conf.in
• #1633479: 'df' shows half as much space on volume after upgrade to RHGS 3.4
• #1633634: split-brain observed on parent dir
• #1635979: Writes taking very long time leading to system hogging
• #1635980: Low Random write IOPS in VM workloads
• #1636218: [SNAPSHOT]: with brick multiplexing, snapshot restore will make glusterd send wrong volfile
• #1637953: data-self-heal in arbiter volume results in stale locks.
• #1641761: Spurious failures in bug-1637802-arbiter-stale-data-heal-lock.t
• #1643052: Seeing defunt translator and discrepancy in volume info when issued from node which doesn't host bricks in that volume
• #1643075: tests/bugs/glusterd/optimized-basic-testcases-in-cluster.t failing
• #1643929: geo-rep: gluster-mountbroker status crashes
• #1644163: geo-rep: geo-replication gets stuck after file rename and gfid conflict
• #1644474: afr/lease: Read child nodes from lease structure
• #1644516: geo-rep: gluster-mountbroker status crashes
• #1644518: [Geo-Replication] Geo-rep faulty sesion because of the directories are not synced to slave.
• #1644524: Excessive logging in posix_update_utime_in_mdata
• #1645363: CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]
• #1646200: CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
• #1646806: [Geo-rep]: Faulty geo-rep sessions due to link ownership on slave volume
• #1647667: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]
• #1647668: CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
• #1647669: CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
• #1647670: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
• #1647972: CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
• #1648367: crash seen while running regression, intermittently.
• #1648938: gfapi: fix bad dict setting of lease-id
• #1648982: packaging: don't include bd.so in rpm when --without bd