From: Zac Dover Date: Mon, 10 Oct 2022 14:15:11 +0000 (+1000) Subject: doc/releases: improve grammar in pacific.rst X-Git-Tag: v16.2.11~269^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=00d8cbf2cc3b52f7b5af82a4e56679388e8e5d90;p=ceph.git doc/releases: improve grammar in pacific.rst This commit accepts the grammar suggestions that were made by Cole Mitchell in https://github.com/ceph/ceph/pull/48404. (cherry picked from commit 560d7590fdf66ef3827203bc7c5725f167a1a7b2) Signed-off-by: Zac Dover --- diff --git a/doc/releases/pacific.rst b/doc/releases/pacific.rst index 941d4ac22149..3ea6a34c37c2 100644 --- a/doc/releases/pacific.rst +++ b/doc/releases/pacific.rst @@ -9,25 +9,25 @@ This is a hotfix release that resolves two security flaws. Notable Changes --------------- -* Users who were running OpenStack Manila to export native CephFS, who +* Users who were running OpenStack Manila to export native CephFS and who upgraded their Ceph cluster from Nautilus (or earlier) to a later - major version, were vulnerable to an attack by malicious users. The + major version were vulnerable to an attack by malicious users. The vulnerability allowed users to obtain access to arbitrary portions of - the CephFS filesystem hierarchy, instead of being properly restricted + the CephFS filesystem hierarchy instead of being properly restricted to their own subvolumes. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This plugin is responsible for - managing Ceph File System subvolumes which are used by OpenStack + managing Ceph File System subvolumes, which are used by OpenStack Manila services as a way to provide shares to Manila users. With this hotfix, the vulnerability is fixed. Administrators who are concerned they may have been impacted should audit the CephX keys in their cluster for proper path restrictions. - - Again, this vulnerability only impacts OpenStack Manila clusters which + + Again, this vulnerability impacts only OpenStack Manila clusters that provided native CephFS access to their users. * A regression made it possible to dereference a null pointer for - for s3website requests that don't refer to a bucket resulting in an RGW + s3website requests that don't refer to a bucket resulting in an RGW segfault. Changelog