[openstack-announce] [Swift] release 1.12.0

John Dickinson me at not.mn
Tue Jan 28 17:04:37 UTC 2014

Today I'm happy to announce that we have released Swift 1.12.0. As
always, this is a stable release and you can upgrade to this version
of Swift with no customer downtime.

You can download the code for this release at
https://launchpad.net/swift/icehouse/1.12.0 or bug your package
provider for the updated version.

I've noticed that OpenStack Swift releases tend to cluster around
certain themes. This release is no different. While we've added some
nice end-user updates to the project, this release has a ton of good
stuff for cluster operators.

I'll highlight a few of the major improvements below, but I encourage
you to read the entire change log at

## Security update


Fixed CVE-2014-0006 to avoid a potential timing attack with temp url.
Key validation previously was not using a constant-time string
compare, and therefore it may have been possible for an attacker to
guess tempurl keys if the object name was known and tempurl had been
enabled for that Swift user account. The tempurl key validation now
uses a constant-time string compare to close this potential attack

## Major End-User Features

**New information added to /info**

We added discoverable capabilities via the /info endpoint in a recent
release. In this release we have added all of the general cluster
constraints to the /info response. This means that a client can
discover the cluster limits on names, metadata, and object sizes.
We've also added information about the support temp url methods and
large object constraints in the cluster.

**Last-Modified header values**

The Last-Modified header value returned will now be the object's
timestamp rounded up to the next second. This allows subsequent
requests with If-[un]modified-Since to use the Last-Modified value as

## Major Deployer Features

**Generic means for persisting system metadata**

Swift now supports system-level metadata on accounts and containers.
System metadata provides a means to store internal custom metadata
with associated Swift resources in a safe and secure fashion without
actually having to plumb custom metadata through the core swift
servers. The new gatekeeper middleware prevents this system metadata
from leaking into the request or being set by a client.

**Middleware changes**

As mentioned above, there is a new "gatekeeper" middleware to guard
the system metadata. In order to ensure that system metadata doesn't
leak into the response, the gatekeeper middleware will be
automatically inserted near the beginning of the proxy pipeline if it
is not explicitly referenced. Similarly, the catch_errors middleware
is also forced to the front of the proxy pipeline if it is not
explicitly referenced. Note that for either of these middlewares, if
they are already in the proxy pipeline, Swift will not reorder the

**New container sync configuration option**

Container sync has new options to better support syncing containers
across multiple clusters without the end-user needing to know he
required endpoint. See
http://swift.openstack.org/overview_container_sync.html for full

**Bulk middleware config default changed**

The bulk middleware allows the client to send a large body of work to
the cluster with just one request. Since this work may take a while to
return, Swift can periodically send back whitespace before the actual
response data in order to keep the client connection alive. The config
parameter to set the minimum frequency of these whitespace characters
is set by the yield_frequency value. The default value was lowered
from 60 seconds to 10 seconds. This change does not affect
deployments, and there is no migration process needed.


In order to support denser storage systems, Swift processes will not
attempt to set the RLIMIT_NPROC value to 8192

**Server exit codes**

Swift processes will now exist with non-zero exist codes on config errors

**Quarantine logs**

Swift will now log at warn level when an object is quarantined

## Community growth

This release of Swift is the work of twenty-three devs includes eight
first-time contributors to the project:

* Morgan Fainberg
* Zhang Jinnan
* Kiyoung Jung
* Steve Kowalik
* Sushil Kumar
* Cristian A Sanchez
* Jeremy Stanley
* Yuriy Taraday

Thank you to everyone who contributes code, promotes the project, and
facilitates the community. Your contributions are what make this
project successful. 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20140128/15b4225f/attachment.pgp>

More information about the OpenStack-announce mailing list