From: David Galloway Date: Thu, 13 May 2021 19:02:27 +0000 (-0400) Subject: doc: 14.2.21 Release Notes X-Git-Tag: v17.1.0~1973^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=df85829df00771e0df02af82ea915340f489341f;p=ceph.git doc: 14.2.21 Release Notes Signed-off-by: David Galloway --- diff --git a/doc/releases/index.rst b/doc/releases/index.rst index 56204a08f750..870e8ede666f 100644 --- a/doc/releases/index.rst +++ b/doc/releases/index.rst @@ -80,6 +80,7 @@ Release timeline .. _15.2.0: octopus#v15-2-0-octopus .. _Nautilus: nautilus +.. _14.2.21: nautilus#v14-2-21-nautilus .. _14.2.20: nautilus#v14-2-20-nautilus .. _14.2.19: nautilus#v14-2-19-nautilus .. _14.2.18: nautilus#v14-2-18-nautilus diff --git a/doc/releases/nautilus.rst b/doc/releases/nautilus.rst index 7292e8118d3b..911175fe969c 100644 --- a/doc/releases/nautilus.rst +++ b/doc/releases/nautilus.rst @@ -5,6 +5,19 @@ Nautilus Nautilus is the 14th stable release of Ceph. It is named after the nautilus, a family of cephalopods characterized by a whorled shell. +v14.2.21 Nautilus +================= + +This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release. + +Changelog +--------- + +* mgr/dashboard: fix base-href: revert it to previous approach (`issue#50684 `_, Avan Thakkar) +* mgr/dashboard: fix cookie injection issue (:ref:`CVE-2021-3509`, Ernesto Puerta) +* rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (:ref:`CVE-2021-3531`, Felix Huettner) +* rgw: sanitize \r in s3 CORSConfiguration's ExposeHeader (:ref:`CVE-2021-3524`, Sergey Bobrov, Casey Bodley) + v14.2.20 Nautilus ================= diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml index 12342f64d924..c78c8fb33275 100644 --- a/doc/releases/releases.yml +++ b/doc/releases/releases.yml @@ -57,6 +57,8 @@ releases: nautilus: target_eol: 2021-06-01 releases: + - version: 14.2.21 + released: 2021-05-13 - version: 14.2.20 released: 2021-04-19 - version: 14.2.19