[release-announce] swift 2.28.1 (xena)

no-reply at openstack.org no-reply at openstack.org
Thu Feb 2 11:47:29 UTC 2023


We are satisfied to announce the release of:

swift 2.28.1: OpenStack Object Storage

This release is part of the xena stable release series.

The source is available from:

    https://opendev.org/openstack/swift

Download the package from:

    https://tarballs.openstack.org/swift/

Please report issues through:

    https://bugs.launchpad.net/swift/+bugs

For more details, please see below.

2.28.1
^^^^^^


Security Issues
***************

* Fixed a security issue in how "s3api" handles XML parsing that
  allowed authenticated S3 clients to read arbitrary files from proxy
  servers. Refer to CVE-2022-47950 for more information.

* Constant-time string comparisons are now used when checking S3 API
  signatures.


Bug Fixes
*********

* Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14,
  3.9.14, and 3.10.6 that could cause some "domain_remap" requests to
  be routed to the wrong object.

* Improved compatibility with certain FIPS-mode-enabled systems.

* Ensure that non-durable data and .meta files are purged from
  handoffs after syncing.

Changes in swift 2.28.0..2.28.1
-------------------------------

b1916f81e Authors/ChangeLog for 2.28.1
7d13d1a82 s3api: Prevent XXE injections
29f10ecff Fix docs build
8aface90d [stable-only] Pin tox<4 for stable branches (<=stable/zed) testing
ac05ac89b CI: pin tox at the project level
a196790cc Inline parse_request from cpython
75aae4c1b Extract SwiftHttpProtocol to its own module
9a7562d60 playbooks: replace ansible_ssh_user with ansible_user
d05ddb036 py2constraints: pin PasteDeploy version
b8b3f044f CI: Add nslookup_target to FIPS jobs
c6c51be17 Stop partial()ing hashlib.new
880422583 tests: Fix swiftclient/requests log level & Ignore py36 deprecation warnings
0fa745c7f s3api: Use constant-time string comparisons in check_signature
a1c33839e CI: remove swift-tox-func-encryption-py36-centos-8 job
01955bc1b Add FIPS CI jobs
71b491b05 Fix arm64 jobs on stable/xena
68bd795a6 Fix cname_lookup test
8c41bf79b reconstructor: remove non-durable files on handoffs
7520aada3 Update TOX_CONSTRAINTS_FILE for stable/xena
29c314ea7 Update .gitreview for stable/xena


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |   1 +
.zuul.yaml                                         | 112 ++++--
AUTHORS                                            |   3 +
CHANGELOG                                          |  20 +-
py2-constraints.txt                                |   1 +
.../notes/2_28_1_release-f71f8c034dd44ce7.yaml     |  24 ++
swift/__init__.py                                  |   6 +-
swift/common/http_protocol.py                      | 320 ++++++++++++++++
swift/common/middleware/s3api/etree.py             |   2 +-
swift/common/middleware/s3api/s3request.py         |   6 +-
swift/common/middleware/tempurl.py                 |   3 +-
swift/common/wsgi.py                               | 234 +-----------
swift/obj/diskfile.py                              |  14 +-
test/__init__.py                                   |   4 +
test/functional/__init__.py                        |   3 +-
test/functional/s3api/test_xxe_injection.py        | 233 ++++++++++++
test/probe/test_sharder.py                         |   9 +-
.../common/middleware/s3api/test_multi_delete.py   |  40 ++
.../unit/common/middleware/s3api/test_s3request.py |  11 +
test/unit/common/middleware/test_cname_lookup.py   |   7 +-
test/unit/common/test_http_protocol.py             | 412 +++++++++++++++++++++
test/unit/common/test_wsgi.py                      | 335 +----------------
test/unit/helpers.py                               |   2 +-
test/unit/obj/test_reconstructor.py                |   6 +-
test/unit/proxy/test_server.py                     |   3 +-
tools/playbooks/common/install_dependencies.yaml   |  20 +-
tools/playbooks/dsvm/pre.yaml                      |   8 +-
tools/playbooks/multinode_setup/common_config.yaml |   4 +-
tools/playbooks/multinode_setup/make_rings.yaml    |   8 +-
tools/playbooks/multinode_setup/pre.yaml           |   8 +-
tools/playbooks/multinode_setup/run.yaml           |   2 +-
.../templates/make_multinode_rings.j2              |   2 +-
.../saio_single_node_setup/setup_saio.yaml         |  14 +-
tox.ini                                            |   7 +-
34 files changed, 1240 insertions(+), 644 deletions(-)






