nautilus, a family of cephalopods characterized by a whorled shell.
+v14.2.20 Nautilus
+=================
+
+This is the 20th bugfix release in the Nautilus stable series. It addresses a
+security vulnerability in the Ceph authentication framework.
+
+We recommend all Nautilus users upgrade.
+
+Security fixes
+--------------
+
+* This release includes a security fix that ensures the global_id
+ value (a numeric value that should be unique for every authenticated
+ client or daemon in the cluster) is reclaimed after a network
+ disconnect or ticket renewal in a secure fashion. Two new health
+ alerts may appear during the upgrade indicating that there are
+ clients or daemons that are not yet patched with the appropriate
+ fix.
+
+ It is possible to disable the health alerts around insecure clients::
+
+ ceph config set mon mon_warn_on_insecure_global_id_reclaim_allowed false
+ ceph config set mon auth_expose_insecure_global_id_reclaim false
+
+ However, if you disable these alerts, we strongly recommend that you
+ follow up by removing these settings after clients have been
+ upgraded or after upgrading to Octopus. (Starting in Octopus, these
+ health alerts can be muted for a specific period of time.)
+
+ For more information, see :ref:`CVE-2021-20288`.
+
+
v14.2.19 Nautilus
=================
order of 8-limbed cephalopods.
+v15.2.11 Octopus
+================
+
+This is the 11th bugfix release in the Octopus stable series. It addresses a
+security vulnerability in the Ceph authentication framework.
+
+We recommend all Octopus users upgrade.
+
+Security fixes
+--------------
+
+* This release includes a security fix that ensures the global_id
+ value (a numeric value that should be unique for every authenticated
+ client or daemon in the cluster) is reclaimed after a network
+ disconnect or ticket renewal in a secure fashion. Two new health
+ alerts may appear during the upgrade indicating that there are
+ clients or daemons that are not yet patched with the appropriate
+ fix.
+
+ To temporarily mute the health alerts around insecure clients for the duration of the
+ upgrade, you may want to::
+
+ ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM 1h
+ ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED 1h
+
+ For more information, see :ref:`CVE-2021-20288`.
+
+
v15.2.10 Octopus
================
giant pacific octopus (Enteroctopus dofleini).
+v16.2.1 Pacific
+===============
+
+This is the first bugfix release in the Pacific stable series. It addresses a
+security vulnerability in the Ceph authentication framework.
+
+We recommend all Pacific users upgrade.
+
+Security fixes
+--------------
+
+* This release includes a security fix that ensures the global_id
+ value (a numeric value that should be unique for every authenticated
+ client or daemon in the cluster) is reclaimed after a network
+ disconnect or ticket renewal in a secure fashion. Two new health
+ alerts may appear during the upgrade indicating that there are
+ clients or daemons that are not yet patched with the appropriate
+ fix.
+
+ To temporarily mute the health alerts around insecure clients for the duration of the
+ upgrade, you may want to::
+
+ ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM 1h
+ ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED 1h
+
+ For more information, see :ref:`CVE-2021-20288`.
+
+
+
v16.2.0 Pacific
===============
pacific:
target_eol: 2023-06-01
releases:
+ - version: 16.2.1
+ released: 2021-04-19
- version: 16.2.0
released: 2021-03-31
octopus:
target_eol: 2022-06-01
releases:
+ - version: 15.2.11
+ released: 2021-04-19
- version: 15.2.10
released: 2021-03-18
- version: 15.2.9
nautilus:
target_eol: 2021-06-01
releases:
+ - version: 14.2.20
+ released: 2021-04-19
- version: 14.2.19
released: 2021-03-30
- version: 14.2.18
projects / ceph.git / commitdiff