From f6e56737408e2db3da8f6f81d3ae5d4a5dbe943c Mon Sep 17 00:00:00 2001 From: Patrick Donnelly Date: Tue, 17 Mar 2026 13:29:35 -0400 Subject: [PATCH] doc: add notable/security changes in v18.2.8 AI-Assisted: scan of changeset to indicate notable changes Signed-off-by: Patrick Donnelly --- doc/releases/reef.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/doc/releases/reef.rst b/doc/releases/reef.rst index 5a0f9df0e621..db26baba5de7 100644 --- a/doc/releases/reef.rst +++ b/doc/releases/reef.rst @@ -26,10 +26,39 @@ Known Issues however, out of an abundance of caution, we no longer recommend upgrading from Pacific to Reef directly. +Security Fixes +-------------- + +* CephFS Client: A fix was merged to prohibit unprivileged users from modifying + the sgid or suid bits on a file. Previously, unprivileged users were + inadvertently permitted to set these bits if they were the sole bits being + modified. + +* Mgr Alerts: The SMTP SSL context was enforced in the mgr/alerts module to + resolve a security vulnerability (GHSA-xj9f-7g59-m4jx). + Notable Changes --------------- + +* RGW (RADOS Gateway): + - Fixed an issue where bucket rm --bypass-gc was mistakenly removing head objects instead of tail objects, potentially causing data inconsistencies. + - Fixed rgw-restore-bucket-index to handle objects with leading hyphens and to process versioned buckets correctly. + - Addressed an issue in the msg/async protocol that caused memory locks and hangs during connection shutdown. + - RGW STS: Made JWKS URL verification configurable for AWS compliance via the rgw_enable_jwks_url_verification configuration. + +* CephFS / MDS: + - Prevented the MDS from stalling (up to 5 seconds) during rename/stat workloads by forcing the log to nudge for unstable locks after early replies. + - Fixed cephfs-journal-tool so it no longer incorrectly resets the journal trim position during disaster recovery, which was causing stale journal objects to linger forever in the metadata pool. + - Fixed a bug where ll_walk incorrectly processed absolute paths as relative paths. + - Prevented the ceph fs volume create command from accidentally deleting user-created pools if the command aborted during cleanup. + - MDS Batched Operations: Added a new mds_allow_batched_ops configuration option (default: true) to control whether the MDS can batch lookup or getattr RPCs. + - CephFS Subvolumes: Added the ceph fs subvolume snapshot getpath command to allow users to retrieve the absolute path of a snapshot of a subvolume. + +* BlueStore: + - Fixed a bug where the bytes_written_slow performance counter incorrectly reported 0 when using aio_write. + Changelog --------- -- 2.47.3