]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6edb1e9)
doc: 14.2.21 Release Notes
authorDavid Galloway <dgallowa@redhat.com>
Thu, 13 May 2021 19:02:27 +0000 (15:02 -0400)
committerSage Weil <sage@newdream.net>
Thu, 13 May 2021 22:28:23 +0000 (17:28 -0500)
Signed-off-by: David Galloway <dgallowa@redhat.com>
doc/releases/index.rst patch | blob | history
doc/releases/nautilus.rst patch | blob | history
doc/releases/releases.yml patch | blob | history

diff --git a/doc/releases/index.rst b/doc/releases/index.rst
index 56204a08f75001ba61a96b0881f87248c5b404d0..870e8ede666f8a3a1bda9e1616569236be488b2c 100644 (file)
--- a/doc/releases/index.rst
+++ b/doc/releases/index.rst
@@ -80,6 +80,7 @@ Release timeline
 .. _15.2.0: octopus#v15-2-0-octopus
 
 .. _Nautilus: nautilus
+.. _14.2.21: nautilus#v14-2-21-nautilus
 .. _14.2.20: nautilus#v14-2-20-nautilus
 .. _14.2.19: nautilus#v14-2-19-nautilus
 .. _14.2.18: nautilus#v14-2-18-nautilus
diff --git a/doc/releases/nautilus.rst b/doc/releases/nautilus.rst
index 7292e8118d3b87343ba1af005b907f97fec2b3ec..911175fe969c0017e218c0a74e6d0d652af54194 100644 (file)
--- a/doc/releases/nautilus.rst
+++ b/doc/releases/nautilus.rst
@@ -5,6 +5,19 @@ Nautilus
 Nautilus is the 14th stable release of Ceph.  It is named after the
 nautilus, a family of cephalopods characterized by a whorled shell.
 
+v14.2.21 Nautilus
+=================
+
+This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
+
+Changelog
+---------
+
+* mgr/dashboard: fix base-href: revert it to previous approach (`issue#50684 <https://tracker.ceph.com/issues/50684>`_, Avan Thakkar)
+* mgr/dashboard: fix cookie injection issue (:ref:`CVE-2021-3509`, Ernesto Puerta)
+* rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (:ref:`CVE-2021-3531`, Felix Huettner)
+* rgw: sanitize \r in s3 CORSConfiguration's ExposeHeader (:ref:`CVE-2021-3524`, Sergey Bobrov, Casey Bodley)
+
 
 v14.2.20 Nautilus
 =================
diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml
index 12342f64d9240aa946820196483acc8411991192..c78c8fb33275ffd03fce37973f87b69d75d74d9d 100644 (file)
--- a/doc/releases/releases.yml
+++ b/doc/releases/releases.yml
@@ -57,6 +57,8 @@ releases:
   nautilus:
     target_eol: 2021-06-01
     releases:
+      - version: 14.2.21
+        released: 2021-05-13
       - version: 14.2.20
         released: 2021-04-19
       - version: 14.2.19
Unnamed repository; edit this file 'description' to name the repository.