Today I'm happy to announce that we have released Swift 1.12.0. As always, this is a stable release and you can upgrade to this version of Swift with no customer downtime. You can download the code for this release at https://launchpad.net/swift/icehouse/1.12.0 or bug your package provider for the updated version. I've noticed that OpenStack Swift releases tend to cluster around certain themes. This release is no different. While we've added some nice end-user updates to the project, this release has a ton of good stuff for cluster operators. I'll highlight a few of the major improvements below, but I encourage you to read the entire change log at https://github.com/openstack/swift/blob/master/CHANGELOG. ## Security update **CVE-2014-006** Fixed CVE-2014-0006 to avoid a potential timing attack with temp url. Key validation previously was not using a constant-time string compare, and therefore it may have been possible for an attacker to guess tempurl keys if the object name was known and tempurl had been enabled for that Swift user account. The tempurl key validation now uses a constant-time string compare to close this potential attack vector. ## Major End-User Features **New information added to /info** We added discoverable capabilities via the /info endpoint in a recent release. In this release we have added all of the general cluster constraints to the /info response. This means that a client can discover the cluster limits on names, metadata, and object sizes. We've also added information about the support temp url methods and large object constraints in the cluster. **Last-Modified header values** The Last-Modified header value returned will now be the object's timestamp rounded up to the next second. This allows subsequent requests with If-[un]modified-Since to use the Last-Modified value as expected. ## Major Deployer Features **Generic means for persisting system metadata** Swift now supports system-level metadata on accounts and containers. System metadata provides a means to store internal custom metadata with associated Swift resources in a safe and secure fashion without actually having to plumb custom metadata through the core swift servers. The new gatekeeper middleware prevents this system metadata from leaking into the request or being set by a client. **Middleware changes** As mentioned above, there is a new "gatekeeper" middleware to guard the system metadata. In order to ensure that system metadata doesn't leak into the response, the gatekeeper middleware will be automatically inserted near the beginning of the proxy pipeline if it is not explicitly referenced. Similarly, the catch_errors middleware is also forced to the front of the proxy pipeline if it is not explicitly referenced. Note that for either of these middlewares, if they are already in the proxy pipeline, Swift will not reorder the pipeline. **New container sync configuration option** Container sync has new options to better support syncing containers across multiple clusters without the end-user needing to know he required endpoint. See http://swift.openstack.org/overview_container_sync.html for full information. **Bulk middleware config default changed** The bulk middleware allows the client to send a large body of work to the cluster with just one request. Since this work may take a while to return, Swift can periodically send back whitespace before the actual response data in order to keep the client connection alive. The config parameter to set the minimum frequency of these whitespace characters is set by the yield_frequency value. The default value was lowered from 60 seconds to 10 seconds. This change does not affect deployments, and there is no migration process needed. **Raise RLIMIT_NPROC** In order to support denser storage systems, Swift processes will not attempt to set the RLIMIT_NPROC value to 8192 **Server exit codes** Swift processes will now exist with non-zero exist codes on config errors **Quarantine logs** Swift will now log at warn level when an object is quarantined ## Community growth This release of Swift is the work of twenty-three devs includes eight first-time contributors to the project: * Morgan Fainberg * Zhang Jinnan * Kiyoung Jung * Steve Kowalik * Sushil Kumar * Cristian A Sanchez * Jeremy Stanley * Yuriy Taraday Thank you to everyone who contributes code, promotes the project, and facilitates the community. Your contributions are what make this project successful. --John
participants (1)
-
John Dickinson