openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00
Code Issues Releases Activity

MIG-1476: release notes for MTC 1.8.1

Browse Source 
Signed-off-by: Andy Arnold <anarnold@redhat.com>
This commit is contained in:
Andy Arnold
2023-10-23 22:37:22 +01:00
committed by openshift-cherrypick-robot
parent aa521901b6
commit 2274adcdab
2 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
migration_toolkit_for_containers/mtc-release-notes.adoc
View File

@@ -17,6 +17,7 @@ You can migrate from xref:../migrating_from_ocp_3_to_4/about-migrating-from-3-to
For information on the support policy for {mtc-short}, see link:https://access.redhat.com/support/policy/updates/openshift#app_migration[OpenShift Application and Cluster Migration Solutions], part of the _Red Hat {product-title} Life Cycle Policy_.
include::modules/migration-mtc-release-notes-1-8-1.adoc[leveloffset=+1]
include::modules/migration-mtc-release-notes-1-8.adoc[leveloffset=+1]
include::modules/migration-mtc-release-notes-1-7-13.adoc[leveloffset=+1]
include::modules/migration-mtc-release-notes-1-7-12.adoc[leveloffset=+1]

26
modules/migration-mtc-release-notes-1-8-1.adoc Normal file
View File

@@ -0,0 +1,26 @@
// Module included in the following assemblies:
//
// * migration_toolkit_for_containers/mtc-release-notes.adoc
:_content-type: REFERENCE
[id="migration-mtc-release-notes-1-8-1_{context}"]
= {mtc-full} 1.8.1 release notes
[id="resolved-issues-1-8-1_{context}"]
== Resolved issues
This release has the following major resolved issues:
.CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work
A flaw was found in handling multiplexed streams in the HTTP/2 protocol, which is used by {mtc-full} ({mtc-short}). A client could repeatedly make a request for a new multiplex stream and immediately send an `RST_STREAM` frame to cancel it. This creates additional workload for the server in terms of setting up and dismantling streams, while avoiding any server-side limitations on the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. link:https://bugzilla.redhat.com/show_bug.cgi?id=2245079[(BZ#2245079)]
It is advised to update to {mtc-short} 1.8.1 or later, which resolve this issue.
For more details, see link:https://access.redhat.com/security/cve/cve-2023-39325[(CVE-2023-39325)] and link:https://access.redhat.com/security/cve/cve-2023-44487[(CVE-2023-44487)]
[id="known-issues-1-8-1_{context}"]
== Known issues
There are no major known issues in this release.