glusterdocs/docs/release-notes/5.1.md

Release notes for Gluster 5.1

This is a bugfix release. The release notes for 5.0 contains a listing of all the new features that were added and bugs fixed in the GlusterFS 5 stable release.

NOTE: Next minor release tentative date: Week of 10th December, 2018

Major changes, features and limitations addressed in this release

This release contains fixes for several security vulnerabilities in Gluster as follows,

• https://nvd.nist.gov/vuln/detail/CVE-2018-14651
• https://nvd.nist.gov/vuln/detail/CVE-2018-14652
• https://nvd.nist.gov/vuln/detail/CVE-2018-14653
• https://nvd.nist.gov/vuln/detail/CVE-2018-14654
• https://nvd.nist.gov/vuln/detail/CVE-2018-14659
• https://nvd.nist.gov/vuln/detail/CVE-2018-14660
• https://nvd.nist.gov/vuln/detail/CVE-2018-14661

Major issues

None

Bugs addressed

Bugs addressed since release-5.0 are listed below.

• #1641429: Gfid mismatch seen on shards when lookup and mknod are in progress at the same time
• #1641440: [ovirt-gluster] Mount hung and not accessible
• #1641872: Spurious failures in bug-1637802-arbiter-stale-data-heal-lock.t
• #1643078: tests/bugs/glusterd/optimized-basic-testcases-in-cluster.t failing
• #1643402: [Geo-Replication] Geo-rep faulty sesion because of the directories are not synced to slave.
• #1644158: geo-rep: geo-replication gets stuck after file rename and gfid conflict
• #1644161: cliutils: geo-rep cliutils' usage of Popen is not python3 compatible
• #1644314: build/packaging: el-X (x > 7) isms
• #1644514: geo-rep: On gluster command failure on slave, worker crashes with python3
• #1644515: geo-rep: gluster-mountbroker status crashes
• #1644526: Excessive logging in posix_update_utime_in_mdata
• #1644622: [Stress] : Mismatching iatt in glustershd logs during MTSH and continous IO from Ganesha mounts
• #1644645: [AFR] : Start crawling indices and healing only if both data bricks are UP in replica 2 (thin-arbiter)
• #1646204: CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
• #1646896: [Geo-Replication] Geo-rep faulty sesion because of the directories are not synced to slave.
• #1647663: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]
• #1647664: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
• #1647665: CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
• #1647666: CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
• #1647801: can't enable shared-storage
• #1647962: CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
• #1647968: Seeing defunt translator and discrepancy in volume info when issued from node which doesn't host bricks in that volume
• #1648923: gfapi: fix bad dict setting of lease-id